Information Technology Reference
In-Depth Information
as a new user. This utility requires all users other
than the root user to enter the password for the
user identity they are trying to assume. Alternatively,
a program can run with a set of privileges
different from the set of privileges associated with
the user without performing authentication as the
user. This can be done by setting a specific file
system identifier for the program being executed
with the setuid bit. This feature has the effect
of allowing a user executing a program to assume
the identity of another user (the owner of
the executable file that is the program) without
authentication. Though commonly used in early
versions of Unix, current security best practices
discourage the use of the setuid bit. As with the
Windows runas utility, the use of these features
is contrary to the tenets of the “least privilege”
principle and reduces the “accountability” of the
users on the system.
By default, non-root users (users who do not
have super-user privileges) may shut down the
system. Configuration parameters in Linux can
be changed to restrict this capability to a specific
set of users.
the access denied entries in the list are checked,
and if any match the security identifier (SID) of
the user requesting the resource, no other access
control list entries are checked and access is denied.
Next, the access allowed entries are checked
until enough entries are found to grant access to
the object. If there are not enough entries found to
grant access to the object, or there are no entries
found, then object access is denied.
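The evaluation order described above (deny entries first, then allow entries accumulated until the request is covered), modelled as an added example that is not code from the original text. The `Right` flags, the `Ace` type, the SIDs and the ACL are constructed for illustration, and deny entries carry a rights mask, as real Windows access control entries do.

```python
from dataclasses import dataclass
from enum import Flag, auto


class Right(Flag):
    READ = auto()
    WRITE = auto()
    EXECUTE = auto()
    DELETE = auto()


@dataclass(frozen=True)
class Ace:
    kind: str      # "deny" or "allow"
    sid: str       # user or group SID the entry applies to
    rights: Right  # rights this entry denies or grants


def access_check(token_sids, acl, requested):
    """Return True only if every requested right is granted to the token."""
    # Pass 1: deny entries. The first match ends the evaluation.
    for ace in acl:
        if ace.kind == "deny" and ace.sid in token_sids and ace.rights & requested:
            return False
    # Pass 2: allow entries accumulate until nothing is left to grant.
    remaining = requested
    for ace in acl:
        if ace.kind == "allow" and ace.sid in token_sids:
            remaining &= ~ace.rights
            if not remaining:
                return True
    # Not enough allow entries, or no entries at all.
    return False


# Constructed sample data: these SIDs and this ACL are made up.
ALICE = {"S-1-5-21-1000", "S-1-5-21-STAFF"}
BOB = {"S-1-5-21-1001", "S-1-5-21-STAFF", "S-1-5-21-CONTRACTORS"}
REPORT_ACL = [
    Ace("deny", "S-1-5-21-CONTRACTORS", Right.WRITE | Right.DELETE),
    Ace("allow", "S-1-5-21-STAFF", Right.READ),
    Ace("allow", "S-1-5-21-1000", Right.WRITE),
    Ace("allow", "S-1-5-21-1001", Right.WRITE),
]
```

Bob holds a personal allow entry for writing, but the deny entry on one of his groups is matched first, so his write request fails while his read request succeeds.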
An administrator account exists in Windows
which provides a supreme (super-user) set of privileges.
An administrator can set and change access
control lists, can grant or deny user privileges,
and can access any object on the Windows system
regardless of the access control list entries for the
object. Windows supports a number of different
administrator accounts, each with different levels
of authorization.
Windows also provides access control facilities
to perform certain system actions such as system
shutdown or backup. These are referred to as user
rights and can be assigned to specific users (Windows
Privileges). Windows Integrity Controls
(WIC), available in Vista, provides capabilities
similar to MAC but does not provide the same
level of security granularity. WIC is a mandatory
access control which overrides discretionary access
controls such as file permissions and manages
the interaction of objects, only allowing the object
initiating the action to interact with objects of the
same or lower privilege. An object which attempts
to interact with an object of higher privilege will
be denied regardless of the permissions of the
user. WIC authorizations are associated with an
object, not the user.
WIC provides stronger authentication and a
finer granularity of control than discretionary
access controls, but it appears to have been implemented
primarily to address the damage caused
by malware such as viruses and worms and does
not go as far as MAC in providing robust control
over the interaction of objects. Objects which
are considered associated with the Internet are
given low WIC priority and thus have difficulty
Authorization
Windows Authorization
Windows authorization involves a set of user and
group identifiers for each user and group on the
system. Objects on the system (files, directories,
peripherals) have associated access control lists
(ACL) which identify which users and groups can
access an object. Actions permitted are reading,
executing, writing, and deleting. Users can belong
to one or more groups.
Authorization in Windows is enforced by the
security reference monitor running in kernel space.
An access control list identifies the users
or groups that can access an object. The security
reference monitor manages the request for the
object by the program (on behalf of the user). First