@ssokolow
Created December 10, 2023 02:31
Response that a glitchy forum didn't want to accept as a post
  • Linux implements ACLs, so those rwx permissions can be declared in a much more granular way than just User/Group/Other. (See the setfacl(1) command.)
  • rwx is more nuanced than you think, with "x" serving as both "executable" for files and "browsable" for directories.
  • Basic permissions are actually four values, not three, with the fourth octet's "setuid, setgid, and sticky" having alternative meanings for directories. Namely, setuid and setgid on a directory specify that files and directories created in it should inherit their UID/GID ownership from it instead of the creating process, and the "sticky bit" is the "restricted deletion" bit, which specifies that only the creator of a file in such a directory (e.g. /tmp) can delete it.
  • There are also file attributes, settable with chattr(1) such as append-only, immutable (and irremovable), case-insensitive child name lookups (if supported by the filesystem), and a bunch of other attributes that are more about filesystem behaviour than security policy.
  • Root permissions have been parted out into POSIX Capabilities so you can run a program with only a specific slice of root's power, such as the ability to open low-numbered ports (CAP_NET_BIND_SERVICE) or the ability to chroot (CAP_SYS_CHROOT). This has also been extended to the ability to mark executables to inherently run with certain capabilities as a more granular replacement for setuid. (e.g. This is how ping no longer needs to be setuid. It's been marked to run with CAP_NET_RAW instead.) POSIX capabilities also allow a process and its descendants to be marked as SECBIT_NOROOT, that is, you can say that, even if a process manages to elevate to UID 0, it doesn't get superpowers like arbitrarily changing file ownership, reading files it doesn't have permission to read, etc.
  • Linux has cgroups-based sandboxing and tools built on it like Firejail and Bubblewrap. Last I checked, the closest Windows equivalent was something Microsoft explicitly said was not intended as a security boundary, being more like a proprietary analogue to Docker containers.
  • There are probably others that have slipped my mind at the moment.
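As an added example (it is not part of the gist and not a tool of its author), the following POSIX shell script reads the fourth permission octet back from real directories with chmod and stat, so the s/S and t/T letters can be seen, and then checks the setgid group-inheritance rule by creating a file inside a setgid directory and a plain one. It assumes a Linux system with GNU coreutils (stat -c, mktemp -d, chgrp by numeric gid) and runs unprivileged; the function names mode_string_of_dir, pick_secondary_group and child_gid_in_dir are chosen here.

```shell
#!/bin/sh
# Added example, not part of ssokolow's gist. Assumes Linux with GNU coreutils
# (stat -c, mktemp -d); no root needed.

# Create a throwaway directory with the requested octal mode and print its
# ls-style mode string, so the fourth octet can be read back:
#   2775 -> drwxrwsr-x  (setgid shows as 's' in the group execute slot)
#   1777 -> drwxrwxrwt  (sticky / restricted deletion shows as 't' in the other slot)
#   2770 -> drwxrws---
# A capital 'S' or 'T' would mean the bit is set without the matching x bit.
mode_string_of_dir() {
    dir=$(mktemp -d) || return 1
    chmod "$1" "$dir"
    stat -c '%A' "$dir"
    rmdir "$dir"
}

# Pick a group the current user belongs to other than the primary one, if
# there is one, so the inheritance check below actually changes something;
# otherwise fall back to the primary group.
pick_secondary_group() {
    primary=$(id -g)
    for g in $(id -G); do
        if [ "$g" != "$primary" ]; then
            echo "$g"
            return 0
        fi
    done
    echo "$primary"
}

# Make a directory owned by group $2, either setgid ($1 = setgid) or plain,
# create an empty file inside it and print the file's numeric gid.
# With setgid the new file takes the directory's group; without it the file
# takes the creating process's group (unless the filesystem is mounted with
# the grpid/bsdgroups option, which forces inheritance everywhere).
child_gid_in_dir() {
    kind=$1
    gid=$2
    dir=$(mktemp -d) || return 1
    chgrp "$gid" "$dir"
    if [ "$kind" = setgid ]; then
        chmod 2770 "$dir"
    else
        chmod 0770 "$dir"
    fi
    : > "$dir/child"
    stat -c '%g' "$dir/child"
    rm -rf "$dir"
}

# Stand-alone demonstration output.
for m in 2775 1777 2770; do
    printf '%s -> %s\n' "$m" "$(mode_string_of_dir "$m")"
done
grp=$(pick_secondary_group)
printf 'setgid dir (group %s): child gid %s\n' "$grp" "$(child_gid_in_dir setgid "$grp")"
printf 'plain dir  (group %s): child gid %s (process gid %s)\n' \
    "$grp" "$(child_gid_in_dir plain "$grp")" "$(id -g)"
```

Run it with `sh script.sh`. The sticky bit's deletion rule needs two different users to show, which is why the script only reads that bit back as a mode string rather than exercising it.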
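As a second added example (again not from the gist), this POSIX shell script decodes the capability bitmasks the kernel reports in /proc/PID/status (CapInh, CapPrm, CapEff, CapBnd, CapAmb) into capability names, which is how a defender checks which slice of root a process actually holds. The bit numbers follow the kernel's linux/capability.h (bit 0 = CAP_CHOWN through bit 40 = CAP_CHECKPOINT_RESTORE); the sample status text is constructed to look like a process holding only CAP_NET_RAW, as the gist's ping example would, and the function names decode_caps, cap_field, caps_in_sample and my_effective_caps are chosen here.

```shell
#!/bin/sh
# Added example, not part of ssokolow's gist. Uses only POSIX sh arithmetic
# and awk; the live check at the end needs a Linux /proc.

# Capability names in kernel bit order (linux/capability.h, bits 0..40).
CAP_NAMES="cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid
cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable
cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock
cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace
cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource
cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write
cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog
cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf
cap_checkpoint_restore"

# Print the names of the capabilities set in a 64-bit hex mask, in bit order.
# An empty mask prints an empty line; non-hex input is rejected.
decode_caps() {
    case $1 in
        ''|*[!0-9a-fA-F]*) echo "decode_caps: expected a hex mask" >&2; return 1 ;;
    esac
    mask=$((0x$1))
    bit=0
    out=""
    for name in $CAP_NAMES; do
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then
            out="${out:+$out }$name"
        fi
        bit=$((bit + 1))
    done
    printf '%s\n' "$out"
}

# Extract one field (e.g. CapEff) from /proc-style status text on stdin.
cap_field() {
    awk -v key="$1:" '$1 == key { print $2 }'
}

# Constructed sample: a process whose permitted and effective sets hold only
# CAP_NET_RAW (bit 13, mask 0x2000), with a default bounding set.
SAMPLE_STATUS='Name:   demo
CapInh: 0000000000000000
CapPrm: 0000000000002000
CapEff: 0000000000002000
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000
NoNewPrivs:     1'

# Decode one named set from the constructed sample.
caps_in_sample() {
    decode_caps "$(printf '%s\n' "$SAMPLE_STATUS" | cap_field "$1")"
}

# Decode the effective set of the running shell itself (live, Linux only).
my_effective_caps() {
    decode_caps "$(cap_field CapEff < /proc/self/status)"
}

# Stand-alone demonstration output.
printf 'sample CapEff: %s\n' "$(caps_in_sample CapEff)"
printf 'sample CapBnd: %s\n' "$(caps_in_sample CapBnd)"
if [ -r /proc/self/status ]; then
    printf 'this shell CapEff: %s\n' "$(my_effective_caps)"
fi
```

Comparing CapEff with CapBnd is the useful check: the bounding set caps what a process can ever regain, so a sandboxed service with a small CapBnd stays limited even if it manages to become UID 0.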

If that's not enough for you, there are Mandatory Access Control frameworks like SELinux.
