From Atomicorp Wiki
Revision as of 11:11, 16 March 2015 by Mshinn (Talk | contribs)


Trusted Path Execution (TPE)

TPE is an ASL feature that prevents users from executing binaries that are not owned by the root user or a trusted user, or that are world-writable or writable by an untrusted user. This is useful to prevent users from uploading and executing their own malicious binaries, or from accidentally executing world-writable or untrusted-user-writable system binaries and scripts that could have been modified by a malicious user. This security feature in ASL prevents a whole category of exploits in which a malicious user tries to execute his or her own code to compromise the system.

This feature is best thought of as a "defense in depth" measure: it makes both uploading malware and backdooring applications on the system harmless, because the uploaded malware can't be executed, and backdoored code that has been left insecurely configured can't be executed either. This also makes privilege escalation harder when an account restricted by TPE is compromised, as the attacker won't be able to execute custom binaries, scripts and other tools that are either not in the trusted path or are not owned by a trusted user. This feature can also prevent race conditions on code executed by non-root users.

Replacing world-writable or group-writable files or scripts is a well-known and very old attack, and TPE prevents it from being exploited.
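The following Python script is an added illustration, not Atomicorp's code: it models the TPE rules described above so an administrator can audit which executables a TPE-restricted user would be denied and why. The trusted user and group sets are assumptions passed in by the caller, and group-writable objects are modelled as "writable by an untrusted user" unless their group is in the trusted set.

```python
import os
import stat
from dataclasses import dataclass

ROOT_UID = 0  # root is always a trusted owner


@dataclass(frozen=True)
class FileFacts:
    """Ownership and permission bits of one filesystem object (from stat)."""
    uid: int
    gid: int
    mode: int


def tpe_allows(facts, trusted_uids=frozenset(), trusted_gids=frozenset()):
    """Apply the TPE rules from the text to one file or directory.

    Returns (allowed, reason). Group-writable objects count as writable by
    an untrusted user unless the group is trusted (modelling assumption).
    """
    if facts.mode & stat.S_IWOTH:
        return False, "world-writable"
    if facts.uid != ROOT_UID and facts.uid not in trusted_uids:
        return False, f"owned by untrusted uid {facts.uid}"
    if facts.mode & stat.S_IWGRP and facts.gid not in trusted_gids:
        return False, f"writable by untrusted gid {facts.gid}"
    return True, "ok"


def facts_from_path(path):
    st = os.stat(path)  # follows symlinks, like the kernel does on exec
    return FileFacts(st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))


def audit_executable(path, trusted_uids=frozenset(), trusted_gids=frozenset()):
    """Check both the binary and its containing directory (the trusted path)."""
    directory = os.path.dirname(os.path.abspath(path))
    ok, why = tpe_allows(facts_from_path(directory), trusted_uids, trusted_gids)
    if not ok:
        return False, f"directory {directory}: {why}"
    ok, why = tpe_allows(facts_from_path(path), trusted_uids, trusted_gids)
    if not ok:
        return False, f"file {path}: {why}"
    return True, "ok"


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        allowed, why = audit_executable(p)
        print("ALLOW" if allowed else "DENY ", p, why)
```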
