摘要: Setuid programs are often exploited by malicious attackers to obtain unauthorized access local systems. programs, especially owned the root user, granted privileges, allowing gain privileges exploiting vulnerabilities in setuid-root programs. The usually lie code that does not require privileges. Nevertheless, entire of is This paper presents a scheme called privileged minimization reduces risk setuid In this scheme, divided into and non-privileged code. Privileged while not. size trusted computing base (TCB) because it running with reducing chances gaining subverting Protection between nonprivileged enforced fine-grained protection domains: novel mechainsm operating system proposed authors.
researchgate.net 参考文章(23)
Matt Bishop, How To Write a Setuid Program ,(2001)
Takashi Masuda, Takahiro Shinagawa, Kenji Kono, Exploiting Segmentation Mechanism for Protecting against Malicious Mobile Code ,(2000)
Lincoln D. Stein, SBOX: put CGI scripts in a box usenix annual technical conference. pp. 11- 11 ,(1999)
David A. Wheeler, Secure Programming for Linux and Unix HOWTO ,(2003)
Daniel F. Sterne, David L. Sherman, Kenneth M. Walker, Lee Badger, Sheila A. Haghighat, A domain and type enforcement UNIX prototype usenix security symposium. pp. 12- 12 ,(1995)
Hermann Härtig, Michael Hohmuth, Jochen Liedtke, Sebastian Schönberg, The performance of μ-kernel-based systems symposium on operating systems principles. ,vol. 31, pp. 66- 77 ,(1997) , 10.1145/268998.266660
Richard Witek, Richard L. Sites, Alpha AXP architecture reference manual Digital Press. ,(1995)
Anurag Acharya, Mandar Raje, MAPbox: using parameterized behavior classes to confine untrusted applications usenix security symposium. pp. 1- 1 ,(2000)
Greg Morrisett, David Walker, Karl Crary, Neal Glew, From system F to typed assembly language ACM Transactions on Programming Languages and Systems. ,vol. 21, pp. 527- 568 ,(1999) , 10.1145/319301.319345
Robert Wahbe, Steven Lucco, Thomas E. Anderson, Susan L. Graham, Efficient software-based fault isolation symposium on operating systems principles. ,vol. 27, pp. 203- 216 ,(1993) , 10.1145/168619.168635