Difference between revisions of "TPE"

From Atomicorp Wiki
(Created page with "= Trusted Path Execution (TPE) = TPE is an ASL feature that prevent users from executing binaries that are either not owned by the root user, a trusted user, or are world...")
 
m (Trusted Path Execution (TPE))
Line 1: Line 1:
 
= Trusted Path Execution (TPE) =
 
= Trusted Path Execution (TPE) =
  
TPE is an [[ASL]] feature that prevent users from executing binaries that are either not owned by the root user, a trusted user, or are world-writable or writable by an untrusted user. This is useful to prevent users from uploading and executing their own malicious binaries or accidentally executing world or untrusted user writable system binaries and scripts that could have been modified by a malicious user.
+
TPE is an [[ASL]] feature that prevent users from executing binaries that are either not owned by the root user, a trusted user, or are world-writable or writable by an untrusted user. This is useful to prevent users from uploading and executing their own malicious binaries or accidentally executing world or untrusted user writable system binaries and scripts that could have been modified by a malicious user.  This security feature in ASL prevents a whole category of exploits whereby a malicious user tries to execute his or her own code to compromise the system.
  
This features is best thought of as a "defense in depth" means that make uploading malware either meaningless (if it cant be executed, then its not a threat), and to make privilege escalation harder when an account restricted by TPE is compromised as the attacker won't be able to execute custom binaries, scripts and other tools which are either not in the trusted path, or are not owned by a trusted user.  This feature can also prevent race conditions on code executed by non root users.  
+
This features is best thought of as a "defense in depth" means that makes both uploading malware and backdooring applications on the system harmless because the uploaded malware either cant be executed or the backdoored code can also not be executed because it has been configured insecurely.  This also makes privilege escalation harder when an account restricted by TPE is compromised as the attacker won't be able to execute custom binaries, scripts and other tools which are either not in the trusted path, or are not owned by a trusted user.  This feature can also prevent race conditions on code executed by non root users.  
  
 
Replacing world writable, or group writable files or scripts is a well known and very old attack, and TPE prevents it from being exploited.
 
Replacing world writable, or group writable files or scripts is a well known and very old attack, and TPE prevents it from being exploited.
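Review bot: in the revised second paragraph, "the backdoored code can also not be executed because it has been configured insecurely" leaves unclear what "it" refers to and why insecure configuration blocks execution. Consider saying that a file an untrusted user was able to modify is refused because it is writable by that user, which is the rule the first paragraph gives. The revision also carries over "prevent users", "This features" and "cant" unchanged; these could be fixed in the same edit.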

Revision as of 10:11, 16 March 2015

Trusted Path Execution (TPE)

TPE is an ASL feature that prevents users from executing binaries that are not owned by the root user or a trusted user, or that are world-writable or writable by an untrusted user. This is useful to prevent users from uploading and executing their own malicious binaries, or accidentally executing system binaries and scripts that are writable by the world or by an untrusted user and could have been modified by a malicious user. This security feature in ASL prevents a whole category of exploits whereby a malicious user tries to execute his or her own code to compromise the system.

This feature is best thought of as a "defense in depth" measure that makes both uploading malware and backdooring applications on the system harmless: the uploaded malware can't be executed, and the backdoored code can't be executed either, because it has been configured insecurely. This also makes privilege escalation harder when an account restricted by TPE is compromised, as the attacker won't be able to execute custom binaries, scripts and other tools that are either not in the trusted path or not owned by a trusted user. This feature can also prevent race conditions on code executed by non-root users.

Replacing world-writable or group-writable files or scripts is a well-known and very old attack, and TPE prevents it from being exploited.
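The ownership and writability rules described above can be checked ahead of time with a short audit. This is an added example, not ASL code: the function names, the trusted UID/GID sets, and the treatment of group-writable files as untrusted unless the group is listed are assumptions made for illustration.

```python
import os
import stat
import tempfile

def tpe_violations(mode, uid, gid, trusted_uids=frozenset({0}), trusted_gids=frozenset()):
    """Reasons a file with these stat fields fails the rules described above."""
    reasons = []
    if uid not in trusted_uids:
        reasons.append("owner uid %d is not root or a trusted user" % uid)
    if mode & stat.S_IWOTH:
        reasons.append("world-writable")
    # Assumption: a group-writable file counts as writable by an untrusted user
    # unless its group is explicitly listed as trusted.
    if mode & stat.S_IWGRP and gid not in trusted_gids:
        reasons.append("group-writable by untrusted gid %d" % gid)
    return reasons

def audit_tree(root, trusted_uids=frozenset({0}), trusted_gids=frozenset()):
    """Walk root and map each executable regular file that fails to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # Audit scope (assumption): only regular files with an execute bit set.
            exec_bits = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & exec_bits:
                continue
            reasons = tpe_violations(st.st_mode, st.st_uid, st.st_gid, trusted_uids, trusted_gids)
            if reasons:
                findings[path] = reasons
    return findings

def demo():
    """Constructed sample tree: one clean script, two writable ones, one data file."""
    me = os.getuid()  # treat the current user as trusted so ownership passes
    samples = (("ok.sh", 0o755), ("world.sh", 0o757), ("group.sh", 0o775), ("data.txt", 0o666))
    with tempfile.TemporaryDirectory() as d:
        for name, mode in samples:
            path = os.path.join(d, name)
            with open(path, "w") as f:
                f.write("#!/bin/sh\n")
            os.chmod(path, mode)
        found = audit_tree(d, trusted_uids={0, me})
        return {os.path.basename(p): r for p, r in found.items()}

if __name__ == "__main__":
    for name, reasons in sorted(demo().items()):
        print(name, "->", "; ".join(reasons))
```

Running `audit_tree` over directories such as web roots or upload locations before restricting an account shows which files would need their ownership or mode corrected first.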
