
dc.contributor.author: Dittmer, Mark Stephen
dc.description.abstract: This work revisits the setuid family of calls for privilege management that is implemented in several widely-used operating systems. Three of the four commonly used calls in the family are standardized by POSIX. The work investigates the current status of setuid and, in the process, challenges some assertions in prior work. It addresses three sets of questions with regard to the setuid family: (1) Is the POSIX standard indeed broken as prior work suggests? (2) Are implementations POSIX-compliant as claimed? (3) Are the wrapper functions that prior work proposes to circumvent issues with setuid calls correct and usable? Towards (1), the standards are expressed in a precise syntax that lends itself to a rigorous assessment of whether the standards are unambiguous and logically consistent descriptions of well-formed functions. Under some reasonable assumptions, two of the three functions that are standardized fit these criteria, which challenges assertions in prior work regarding the quality of the standard. In cases wherein the standard is broken, the problem is clearly characterized, and suggestions are given for fixing the standard, but at the cost of backwards-compatibility. Towards (2), a state-space enumeration is performed as in prior work, and a discussion of the implications of non-conformance and differences in implementation is presented. Towards (3), some issues with prior wrappers are identified. The work proposes a new suite of wrapper functions which are designed with a different mindset from prior work, and provides both stronger guarantees with respect to atomicity and a clearer semantics for permanent and temporary changes in process identity. With a fresh approach, this work is a contribution to a well-established mechanism for privilege management. (en)
dc.publisher: University of Waterloo (en)
dc.subject: Operating Systems (en)
dc.subject: Security and Protection (en)
dc.subject: Management of Computing and Information Systems (en)
dc.title: The UNIX Process Identity Crisis: A Standards-Driven Approach to Setuid (en)
dc.type: Master Thesis (en)
dc.subject.program: Electrical and Computer Engineering (en)
uws-etd.degree: Master of Applied Science (en)


