Secure Programmer: Minimizing Privileges

By David A. Wheeler
2005-05-27

Taking the fangs out of bugs

Secure programs must minimize privileges so that any bugs are less likely to become security vulnerabilities. This article discusses how to minimize privileges by minimizing the privileged modules, the privileges granted, and the time the privileges are active. The article discusses not only some of the traditional UNIX-like mechanisms for privileges, but also some of the newer mechanisms like the FreeBSD jail(), the Linux Security Modules (LSM) framework, and Security-Enhanced Linux (SELinux).

On March 3rd, 2003, Internet Security Systems warned of a serious vulnerability in Sendmail. All electronic mail is transferred using a mail transfer agent (MTA), and Sendmail is the most popular MTA, so this warning affected many organizations worldwide. The problem was that an e-mail message with a carefully crafted "from," "to," or "cc" field could give the sender complete (root) control over any machine running Sendmail as it is commonly configured. Even worse, typical firewalls would not protect interior machines from this attack.

The immediate cause of the vulnerability was that one of Sendmail's security checks was flawed, permitting a buffer overflow. But a significant contributing factor is that Sendmail is often installed as a monolithic "setuid root" program, with complete control over the system it runs on. Thus, any flaw in Sendmail can give an attacker immediate control over the entire system.

Is this design necessary? No; a popular competing MTA is Wietse Venema's Postfix. Postfix, like Sendmail, does a number of security checks, but Postfix is also designed as a set of modules that minimize privilege. As a result, Postfix is generally accepted as a more secure program than Sendmail. This article discusses how to minimize privileges, so you can apply the same ideas to your programs.
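The contrast between a monolithic setuid-root program and a design that minimizes privilege comes down to a few system calls made early and in the right order. The following example is added here to illustrate the "minimize the time privileges are active" idea; it is not code from the article or from Sendmail or Postfix. It assumes a Linux system with glibc (for setresuid/setresgid) and uses the unprivileged "nobody" uid/gid 65534 as a constructed target when it happens to run as root; when run as an ordinary user it simply drops to the caller's own ids, which exercises the same path. A helper then checks that the drop is irreversible by confirming that an attempt to regain root fails.

```c
#define _GNU_SOURCE          /* setresuid/setresgid on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up root, in the order that cannot be undone:
 *   1. clear supplementary groups (only root may do this, and a
 *      setuid-root program inherits them from whoever ran it),
 *   2. set real, effective and saved gid (must happen while still root),
 *   3. set real, effective and saved uid (after this there is no way back).
 * Returns 0 on success, -1 with errno set on any failure. A caller that
 * gets -1 must abort; continuing with partial privileges is the classic
 * mistake this sequence is meant to avoid. */
int drop_privileges(uid_t target_uid, gid_t target_gid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setresgid(target_gid, target_gid, target_gid) != 0)
        return -1;
    if (setresuid(target_uid, target_uid, target_uid) != 0)
        return -1;
    return 0;
}

/* Defensive check after dropping: regaining uid 0 must fail with EPERM.
 * Returns 1 if privileges are really gone, 0 otherwise. */
int privileges_dropped(void) {
    if (setuid(0) == 0)
        return 0;               /* we got root back: the drop was incomplete */
    return errno == EPERM;
}

int main(void) {
    /* Constructed target: nobody/nogroup (65534) on a typical Linux box.
     * A real daemon would look its service account up with getpwnam(). */
    const uid_t unprivileged_uid = 65534;
    const gid_t unprivileged_gid = 65534;

    uid_t target_uid = geteuid() == 0 ? unprivileged_uid : getuid();
    gid_t target_gid = geteuid() == 0 ? unprivileged_gid : getgid();

    /* Do any root-only work (bind a low port, open a log file) BEFORE this
     * point; everything after runs with the least privilege needed. */
    if (drop_privileges(target_uid, target_gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("now running as uid=%u gid=%u, root regainable: %s\n",
           (unsigned)geteuid(), (unsigned)getegid(),
           privileges_dropped() ? "no" : "yes");
    return 0;
}
```

The group change must precede the uid change: once the process is no longer root, setresgid to a different group is refused, so reversing the order silently leaves the process in its original (often privileged) group. Using the three-id variants rather than plain setuid() ensures the saved set-user-id is cleared too, which is what makes the drop permanent rather than a temporary seteuid()-style switch.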

First published by IBM DeveloperWorks
