Operating Systems

Recitation 11, June 9-10, 2002

Motivation

• Privileged facility needs to be available for general users.

• Example:

Allow user to perform specific operation that

requires root permissions.

Process and file identities

• Process:

(user ID, group ID) x (real, effective)real: user running program

effective: user whose permissions are used to

access files and resources.

• File:

owner ID, group owner ID

domain (set user ID) bit.

Domain bit (set user ID bit)

• If user X executes a file owned by Y, whose domain bit is off, then real and effective user ID’s of process are set to X.

• If domain bit is on, then real user ID of process is set to X, and effective user ID is set to Y.

Process real and effective user ID’s

#include <sys/types.h>

#include <unistd.h>

uid_t getuid(void);

uid_t geteuid(void);

• Return real, effective user ID of calling process.

Process real and effective user ID’s

#include <sys/types.h>#include <unistd.h>int setuid(uid_t uid);• Sets both real and effective user ID’s.• Only super-user.int seteuid(uid_t uid);• Set effective user ID of process.• Return 0 if OK, -1 on error.

Password file

• User name• Encrypted password• Numerical user ID• Numerical group ID• Comment field• Initial working dir• Initial shell

char* pw_name

char* pw_passwd

uid_t pw_uid

gid_t pw_gid

char* pw_gecos

char* pw_dir

char* pw_shell

Entries in password file

#include <sys/types.h>#include <pwd.h>struct passwd* getpwuid(uid_t uid);struct passwd* getpwnam(const char *name);• Return pointer if OK, NULL on error.• Examples:

– getpwuid is used by ls program to map numerical user ID in i-node to user’s login.

– getpwnam is used by login program when entering login name.

Passwords in Unix

• Encryption of Unix passwords: one-way function (crypt).

• User passwords are far from random.• Brute force (statistical, dictionary): educated

guess, apply function, compare result.• Shadow passwords: instead of visible encrypted

passwords (in /etc/passwd file), store with root access (in /etc/shadow file).

• Breakable.

Exercise description

• Write a program that reads information from two files which only have owner permissions, by setting the program’s set-user-ID bit.

• User x runs a program owned by user y, and the program’s domain (suid) bit is on.

• Users x and y each have a secret file in their initial directory that only they can access.

• Program prints a line from both files.

Exercise description

1. Get real user ID (user running program).

Set effective user to real user (if file suid bit is on then effective user was initially the program owner).

Read first line of file named secret which in user’s initial directory, and printout user’s name, full path of secret file, and first line of secret file.

Exercise description

2. Get user ID of program owner using stat function (st_uid member in stat structure).

Exercise description

3. Get user name and initial directory of program owner.

Set effective user ID (back) to program owner.

Read first line of secret file which is in user’s initial directory, and printout user’s name, full path of secret file, and first line of secret file.

Exercise notes

• Save file named secret only with owner read/write permissions (chmod 600).

• Other users can access this file only using the ex-suid program.

Exercise description

• Example run:% /tmp/y/programreal user: xsecret file: /a/home/cc/students/cs/x/secretsecret: Xprogram owner: ysecret file: /a/home/cc/cs/y/secretsecret: Y

Exercise submission

• Submission: optional.• Software

Directory: ~username/os02b/ex-suidFiles: ex-suid.cPermissions: chmod ugo+rx (to above)

• Hardcopyname, ID, login, CIDex-suid.csubmit in 281, Nir Noimark, nirn@post.tau.ac.il

• Environment: Unix, Linux

References

• Operating systems, Sivan Toledo, Akademon, 2001.

• Operating systems concepts, Abraham Silberschatz and Peter Galvin, 1994.

• Advanced programming in the Unix environment, Richard Stevens, Addison-Wesley, 1993.