Difference between revisions of "TPE"

From Atomicorp Wiki

Revision as of 10:06, 16 March 2015

Trusted Path Execution (TPE)

TPE is an ASL feature that prevents users from executing binaries that are not owned by the root user or a trusted user, or that are world-writable or writable by an untrusted user. This is useful for preventing users from uploading and executing their own malicious binaries, and from accidentally executing world-writable or untrusted-user-writable system binaries and scripts that could have been modified by a malicious user.

This feature is best thought of as a "defense in depth" measure. It makes uploading malware largely meaningless (if it can't be executed, it isn't a threat), and it makes privilege escalation harder when an account restricted by TPE is compromised, because the attacker won't be able to execute custom binaries, scripts and other tools that are either not in the trusted path or not owned by a trusted user. This feature can also prevent race conditions on code executed by non-root users.

Replacing world-writable or group-writable files or scripts is a well-known and very old attack, and TPE prevents it from being exploited.
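The rule described above (binary owned by root or a trusted user, and not writable by the world or by an untrusted user) can be modelled as a small audit script so an administrator can see, before enabling TPE, which executables on a system would be refused. The following Python is an added example written for this page; it is not ASL's or Atomicorp's own code and does not reproduce the kernel implementation. It assumes a trusted set that defaults to root (UID/GID 0), and it also checks the containing directory, which is an assumption about what "trusted path" means rather than something the page states. The demo builds its own throwaway files and treats the current user as trusted so it runs anywhere.

```python
import os
import stat
import tempfile
from dataclasses import dataclass

# Assumption: root is trusted; an administrator would extend these sets
# with the UIDs/GIDs of any additional trusted users or groups.
DEFAULT_TRUSTED_UIDS = frozenset({0})
DEFAULT_TRUSTED_GIDS = frozenset({0})


@dataclass(frozen=True)
class FileInfo:
    """Ownership and permission bits of one filesystem object."""
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o755


def writable_by_untrusted(info, trusted_gids):
    """True if someone other than a trusted owner/group could modify the object."""
    if info.mode & stat.S_IWOTH:          # world-writable
        return True
    if info.mode & stat.S_IWGRP and info.gid not in trusted_gids:
        return True                        # writable by an untrusted group
    return False


def tpe_decision(binary, directory, trusted_uids=DEFAULT_TRUSTED_UIDS,
                 trusted_gids=DEFAULT_TRUSTED_GIDS):
    """Apply the TPE rule to a binary and its containing directory.

    Returns (allowed, reason). The directory check is an assumption about
    what "trusted path" covers; the page itself only states the file rules.
    """
    if binary.uid not in trusted_uids:
        return False, "binary not owned by root or a trusted user"
    if writable_by_untrusted(binary, trusted_gids):
        return False, "binary is world- or untrusted-group-writable"
    if directory.uid not in trusted_uids:
        return False, "containing directory not owned by a trusted user"
    if writable_by_untrusted(directory, trusted_gids):
        return False, "containing directory is world- or untrusted-group-writable"
    return True, "trusted path"


def info_from_stat(st):
    """Reduce an os.stat result to the fields the rule needs."""
    return FileInfo(st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))


def check_path(path, trusted_uids=DEFAULT_TRUSTED_UIDS,
               trusted_gids=DEFAULT_TRUSTED_GIDS):
    """Evaluate the rule for a real file on disk."""
    path = os.path.abspath(path)
    binary = info_from_stat(os.stat(path))
    directory = info_from_stat(os.stat(os.path.dirname(path)))
    return tpe_decision(binary, directory, trusted_uids, trusted_gids)


def audit_tree(root, trusted_uids=DEFAULT_TRUSTED_UIDS,
               trusted_gids=DEFAULT_TRUSTED_GIDS):
    """Walk a tree and list executables TPE would refuse, with the reason."""
    exec_bits = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                st = os.stat(full)
            except OSError:
                continue  # dangling symlink, vanished file, etc.
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & exec_bits:
                continue  # only regular, executable files are of interest
            allowed, reason = check_path(full, trusted_uids, trusted_gids)
            if not allowed:
                findings.append((full, reason))
    return findings


def demo():
    """Constructed sample: one sane script, one world-writable script, one data file."""
    trusted_uids = frozenset({0, os.getuid()})   # treat ourselves as trusted for the demo
    trusted_gids = frozenset({0, os.getgid()})
    with tempfile.TemporaryDirectory() as tmp:
        for name, mode in (("good.sh", 0o755), ("bad.sh", 0o777), ("data.txt", 0o666)):
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\necho hello\n")
            os.chmod(path, mode)
        findings = audit_tree(tmp, trusted_uids, trusted_gids)
    return sorted(os.path.basename(p) for p, _ in findings)


if __name__ == "__main__":
    print("would be refused by TPE:", demo())
```

Run it against a real tree with `audit_tree("/usr/local/bin")` as root to list executables that would stop working once TPE is enabled; each finding names the specific reason so the fix (chown to a trusted user, or remove the stray write bit) is obvious.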
