Set-UID Privileged Programs

Flashcards covering key vocabulary related to Set-UID Privileged Programs, including definitions of important terms and concepts.

Privileged Program

A program that is privileged to do important tasks/jobs which a normal user cannot do.

Shadow File

File in Linux where users’ passwords are stored.

Access Control

Basic protection mechanism used in Linux operating system.

User Isolation

Each user will have a different access permissions on a file.

User ID (UID)

Identifies each user on a system.

Root

Has a UID of 0.

Access Control List

Describes which users have which permissions on a file.

passwd program

Used to change password in Linux.

Daemons

Computer program that runs as the background process; needs to run as root or other privileged users.

Set-UID Programs

Program marked with a special bit; special bit tells OS that this is a special program and should be treated specially.

Set-UID Concept

Allow users to run programs with temporary elevated privileges.

Real UID (RUID)

Identifies real owner of process.

Effective UID (EUID)

Identifies privilege of a process; access control is based on this.

/bin/id command(program)

Used to print the user IDs of running processes.

Buffer Overflow

Overflowing a buffer to run malicious code.

Format String Vulnerability

Changing program behavior using user inputs as format strings.

Environment Variables

These are set of named-values e.g. PATH is an environmental variable.

PATH Environment Variable

Used by shell programs to locate a command if the user does not provide the full path for the command.

Capability Leaking

Privileged programs downgrade themselves during execution.

Principle of Isolation

Don’t mix code and data.

Principle of Least Privilege

A privileged program should be given the power which is required to perform it’s tasks.