The management of administrative privileges in Oracle Solaris

-

Oracle Solaris presents an interesting approach for distributing root privileges to Solaris users. Their approach has been stable since it was defined in 2003. The approach adopted the RBAC model for defining roles that Solaris users can assume. Solaris considers the root account as a role that users can take. In Solaris, roles are user accounts that cannot log in; thus, each role has an associated password that can be shared by a group of users that share the same role.

From the kernel point of view, Solaris defines four sets of privileges for each process: Effective set, permitted set, Inheritable set, and Limit set. Effective and permitted sets are handled in the same manner as Linux. However, Inheritable and Limit sets are calculated differently during exec() call. In particular, Solaris authorizes the inheritance of privileges after an exec() call, even when the executable doesn’t have privileges stored in its binary. More interestingly, instead of storing privileges in the extended attributes of executables, Solaris provides administrators with a set of central databases (user_attr, prof_attr, and exec_attr) for storing privileges and roles, and user attributes. 

Under Solaris, administrators should define the privileges they can grant to the right profile using the profiles command. They can then assign the right profile to roles or users using rolemod and usermod commands. Users can obtain these privileges when logged in if the right profile is assigned to them directly or when they assume roles if the right profile is granted to roles.

In addition, Solaris allows administrators to define the programs (e.g.,/usr/sbin/snoop) or even scripts that a user/role can use with the privileges defined in the right profile. Administrators can also define the resource that can be used with the privilege. For example, administrators can limit the use of net_privaddr (which allows any program to bind to a port less than 1024) to port 80 and TCP protocols. 

For more clarification, we have implemented our Python script scenario in Solaris 11.3. We have first defined the right profile for an HTTP server python script and the privileges to attribute to this script (net_privaddr and file_dac_execute).  



Then we assign the right profile to a role (testrole) using the command rolemod. And finally, we let the user test assume the role testrole



Interestingly, testrole permits only to execute httpserver4.py, the script declared in the right profile, but not httppython4.py, which is a copy of httpserver4.py, but not declared in the right profile

 


In addition, it is possible to precise the resources on which privileges can be used. For example, the privilege net_privaddr permits to our script to bind to any port less than 1024. We may refine this privilege by allowing our script to bind only at port 80. We can also restrict the privilege file_dac_execute to execute only our script.

 


Finally, Solaris provides users the command ppriv (ppriv –De command) for knowing which privileges programs ask for. This is an important feature that is not present in Linux, but developed by a RootAsRole using eBPF https://github.com/SamerW/RootAsRole

 

Comments

Post a Comment

Popular posts from this blog

ChatGPT or CheatGPT? The impact of ChatGPT on education

-
Image
On November 30, OpenAI launched its AI chatbot called ChatGPT. ChatGPT is the most important revolution we have ever had on the Internet, much more important than Blockchains and NFTs. The capacities of ChatGPT are phenomenal. It can do many things, such as writing poems, writing and summarising articles, writing and debugging codes, and solving puzzles and mathematical questions. In addition, the ChatGPT tool can also be used with other tools such as DALL.E 2 (https://openai.com/dall-e-2/) to generate drawings or the Philosopher AI to answer philosophical questions (https://philosopherai.com/). Some tools can also allow the creation of music based on our lyrics. For example, we may use ChatGPT to generate some lyrics and give them to another AI tool to develop our song. If we look at the impacts of these tools pessimistically, the development of AI tools would mean the end of human intelligence and the triumph of human stupidity when only influential individuals can access these tools...
Read more

What does information security really mean?

-
Security is defined by Meriam-Webster Dictionary  [1] as  the quality or state of being secure.  Secure itself is defined as :  free from danger  or free from risk of loss If we have one million dollars and live in a utopian world, we will not be worried about the dangers that could exist to our money. We may leave our money in the street and label them with our name; no one will take them. Thus, the security and even trust concepts are not relevant in this world because we are sure that everyone is good and has good intentions. In a dystopian world, we are almost sure that dangers exist. Therefore, almost everyone is interested in our assets. In this world, Security is critical as it is the only way that allows us to survive. Trust is relevant also but should be used much less frequently than Security.   In the real world, we are between the utopia and dystopia worlds. We are not sure about the existence or absence of dangers, and yet we need to make decis...
Read more

Abstract Mathematical Explanation with Examples for Neural Networks

-
Image
In this article, I will explain the core ideas of neural networks from an abstract mathematical perspective. By "abstract", I mean that I will try to explain the "why" of mathematical concepts without covering all mathematical details. To simplify the mathematical concepts of neural networks, I will use some analogies from real life situations, with visualisations and examples.  I will start by explaining why we need neural networks, and then discuss the role of optimisation and backpropagation algorithms.  Why Do We Need Neural Networks  Neural networks are tools that allow us to approximate complex multivariate functions representing the relationships between dataset inputs and outputs. Typically, it is not feasible to define one explicit equation that can reproduce these multivariate functions. The role of training is thus to approximate them. Indeed, most neural networks architectures are based on a mathematical theorem called Universal Approximation Theorem. Th...
Read more