Privilege separation
In programming, privilege separation is a technique used to mitigate the potential damage of an attack on a computer's security. In its most basic form, a computer program forks into two processes. The main program drops its privileges and the smaller program keeps them so that it can perform a given task. The two parts communicate through a socket pair. Thus, any successful attack against the main program gains minimal access, even though the pair of programs is still able to perform privileged operations.
Property | Value |
---|---|
dbo:abstract | In programming, privilege separation is a technique used to mitigate the potential damage of an attack on a computer's security. In its most basic form, a computer program forks into two processes. The main program drops its privileges and the smaller program keeps them so that it can perform a given task. The two parts communicate through a socket pair. Thus, any successful attack against the main program gains minimal access, even though the pair of programs is still able to perform privileged operations. (es) In computer programming and computer security, privilege separation is one software-based technique for implementing the principle of least privilege. With privilege separation, a program is divided into parts which are limited to the specific privileges they require in order to perform a specific task. This is used to mitigate the potential damage of a computer security vulnerability. A common method to implement privilege separation is to have a computer program fork into two processes. The main program drops privileges, and the smaller program keeps privileges in order to perform a certain task. The two halves then communicate via a socket pair. Thus, any successful attack against the larger program will gain minimal access, even though the pair of programs will be capable of performing privileged operations. Privilege separation is traditionally accomplished by distinguishing a real user ID/group ID from the effective user ID/group ID, using the setuid(2)/setgid(2) and related system calls, which were specified by POSIX. If these are incorrectly positioned, gaps can allow widespread network penetration. Many network service daemons have to do a specific privileged operation such as open a raw socket or an Internet socket in the well-known ports range. Administrative utilities can require particular privileges at run time as well. Such software tends to separate privileges by revoking them completely after the critical section is done, and changes the user it runs under to some unprivileged account after doing so. This action is known as dropping root under Unix-like operating systems. The unprivileged part is usually run under the "nobody" user or an equivalent separate user account. Privilege separation can also be done by splitting the functionality of a single program into multiple smaller programs, and then assigning the extended privileges to particular parts using file system permissions. That way the different programs have to communicate with each other through the operating system, so the scope of the potential vulnerabilities is limited (since a crash in the less privileged part cannot be exploited to gain privileges, merely to cause a denial-of-service attack). Separation of privileges is one of the major OpenBSD security features. The implementation of Postfix was focused on implementing comprehensive privilege separation. Another email server designed with privilege separation and security in mind is Dovecot. Solaris implements a separate set of functions for privilege bracketing. (en) |
dbo:wikiPageExternalLink | http://niels.xtdnet.nl/papers/privsep.pdf http://www.openbsd.org/papers/ven05-deraadt/ https://web.archive.org/web/20120102075206/http:/www.citi.umich.edu/u/provos/ssh/privsep.html https://docs.oracle.com/cd/E19109-01/tsolaris8/816-1042/6m7g4ma52/index.html |
dbo:wikiPageID | 1039022 (xsd:integer) |
dbo:wikiPageLength | 4013 (xsd:nonNegativeInteger) |
dbo:wikiPageRevisionID | 1095889062 (xsd:integer) |
dbo:wikiPageWikiLink | dbr:OpenBSD_security_features dbr:Principle_of_least_privilege dbr:Denial-of-service_attack dbr:Unix-like dbr:Defensive_programming dbr:Internet_socket dbr:Computer_network dbr:Computer_security dbr:Run_time_(program_lifecycle_phase) dbr:Nobody_(username) dbr:Confused_deputy_problem dbr:Theo_de_Raadt dbr:Computer_program dbr:Computer_programming dbr:Setuid dbr:File_system_permissions dbr:POSIX dbr:Privilege_escalation dbr:Privilege_(computing) dbr:Privilege_revocation_(computing) dbr:Process_(computing) dbr:Crash_(computing) dbc:Computer_security_procedures dbr:Dovecot_(software) dbr:Postfix_(software) dbr:Solaris_(operating_system) dbr:Operating_system dbr:Capability-based_security dbr:System_call dbr:Sandbox_(computer_security) dbr:Unix_domain_socket dbr:Niels_Provos dbr:Exploit_(computer_security) dbr:Privilege_bracketing dbr:Raw_socket dbr:Software_utility dbr:Setgid dbr:Daemon_(computer_software) dbr:Group_ID dbr:Fork_(operating_system) dbr:User_ID dbr:TCP_and_UDP_port_numbers dbr:Peter_Honeyman dbr:Markus_Friedl |
dbp:wikiPageUsesTemplate | dbt:Unreferenced |
dct:subject | dbc:Computer_security_procedures |
gold:hypernym | dbr:Technique |
rdf:type | dbo:TopicalConcept yago:WikicatComputerSecurityProcedures yago:Abstraction100002137 yago:Act100030358 yago:Activity100407535 yago:Event100029378 yago:Procedure101023820 yago:PsychologicalFeature100023100 yago:YagoPermanentlyLocatedEntity |
rdfs:comment | In programming, privilege separation is a technique used to mitigate the potential damage of an attack on a computer's security. In its most basic form, a computer program forks into two processes. The main program drops its privileges and the smaller program keeps them so that it can perform a given task. The two parts communicate through a socket pair. Thus, any successful attack against the main program gains minimal access, even though the pair of programs is still able to perform privileged operations. (es) In computer programming and computer security, privilege separation is one software-based technique for implementing the principle of least privilege. With privilege separation, a program is divided into parts which are limited to the specific privileges they require in order to perform a specific task. This is used to mitigate the potential damage of a computer security vulnerability. (en) |
rdfs:label | Separación de privilegios (es) Privilege separation (en) |
owl:sameAs | freebase:Privilege separation yago-res:Privilege separation wikidata:Privilege separation dbpedia-es:Privilege separation dbpedia-fa:Privilege separation https://global.dbpedia.org/id/4tdzE |
prov:wasDerivedFrom | wikipedia-en:Privilege_separation?oldid=1095889062&ns=0 |
foaf:isPrimaryTopicOf | wikipedia-en:Privilege_separation |
is dbo:wikiPageRedirects of | dbr:Drop_privileges dbr:Dropping_privileges dbr:Dropping_root dbr:Privileges-drop dbr:Privileges_drop dbr:Unprivileged_processes |
is dbo:wikiPageWikiLink of | dbr:Row_hammer dbr:OpenBSD_security_features dbr:Principle_of_least_privilege dbr:UW_IMAP dbr:Unix_security dbr:Comparison_of_BSD_operating_systems dbr:Setuid dbr:D-Bus dbr:Page_cache dbr:Privilege_escalation dbr:Privilege_revocation_(computing) dbr:H2O_(web_server) dbr:BSD_Authentication dbr:Access_token dbr:Drop_privileges dbr:Dropping_privileges dbr:Dropping_root dbr:Secure_cryptoprocessor dbr:Object-capability_model dbr:OpenBGPD dbr:OpenBSD dbr:OpenNTPD dbr:OpenSMTPD dbr:OpenVPN dbr:Sendmail dbr:Solar_Designer dbr:Privilege_bracketing dbr:User_space_and_kernel_space dbr:Privileges-drop dbr:Privileges_drop dbr:Unprivileged_processes |
is foaf:primaryTopic of | wikipedia-en:Privilege_separation |