We address the problem of restricting root's ability to change arbitrary files on disk, in order to prevent abuse on most current desktop operating systems. The approach first in- volves recognizing and separating out the ability to config-ure a system from the ability to use the system to perform tasks. The permission to modify configuration of the system is then further subdivided in order to restrict applications from modifying the file-system objects of other applications. We explore the division of root's current ability to change arbitrary -files on disk and discuss a prototype that proves out the viability of the approach for designated system-wide file-system objects. Our architecture exposes a control point available for use to enforce policies that prevent one appli-cation from modifying another's file-system objects. In ad- ition, we review in detail the permissions given to current installers, and alternative approaches for secure software in- stallation. Copyright 2010 ACM.

Additional Metadata
Keywords File-system protection, Install, System configuration
Persistent URL dx.doi.org/10.1145/1866307.1866333
Conference 17th ACM Conference on Computer and Communications Security, CCS'10
Citation
Wurster, G. (Glenn), & Van Oorschot, P. (2010). A control point for reducing root abuse of file-system privileges. Presented at the 17th ACM Conference on Computer and Communications Security, CCS'10. doi:10.1145/1866307.1866333