ACM Transactions on Computer Systems (TOCS)
Practical UNIX security
The design and implementation of the 4.4BSD operating system
The design and implementation of the 4.4BSD operating system
On the implementation of security measures in information systems
Communications of the ACM
Protection in an information processing utility
Communications of the ACM
The temporal logic of programs
SFCS '77 Proceedings of the 18th Annual Symposium on Foundations of Computer Science
Hi-index | 0.00 |
On usual UNIX systems, a privileged user of root is allowed to acquire any user's authority without authentication process. If an intruder obtains the root privilege by taking advantage of system's security hole, he can abuse network reachability of any user of the system to break into other sites. Thus we present a new system design where the authority of users is protected from root by introducing a new user substitution mechanism. However, even if we introduce the new mechanism, on usual UNIX systems, the intruder can get the authority using many other methods for root. We implement the new user substitution mechanism and the mechanisms which prevent the intruder from using such methods in FreeBSD-4.2, and confirm that the system design is effective.