CS 3733 Operating Systems
Lecture 7 [9/15/97]: Protection
Reading: Chapter 4.5 of Tanenbaum
- Basic terminology
- Object - any entity that has a name or identity (e.g.
processes, CPU, memory segments, files, etc.).
- Right - permission to perform a type of operation on an object.
- Domain - a set of (object, right) pairs.
Basic operations for protection:
- CREATE OBJECT
- DELETE OBJECT
- CREATE DOMAIN
- DELETE DOMAIN
- INSERT RIGHT
- REMOVE RIGHT
- A process runs in some protection domain. But a process can
switch from one domain to another.
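The six operations above are easiest to see against an access matrix: one row per domain, one column per object, and a set of rights in each cell. The following C program is an added example, not part of the lecture notes; the fixed table sizes, the right set (read, write, execute) and the function names are this example's own choices. It implements all six operations plus the check a reference monitor would make, and it clears a deleted domain's row and a deleted object's column so that a later CREATE reusing the slot does not inherit stale rights.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added example: a fixed-size protection matrix.
   rights[domain][object] is a bitmask of the rights below. */
#define MAX_DOMAINS 8
#define MAX_OBJECTS 8
#define NAME_LEN    16

enum right { R_READ = 1u << 0, R_WRITE = 1u << 1, R_EXEC = 1u << 2 };

struct matrix {
    char     domain_name[MAX_DOMAINS][NAME_LEN];
    char     object_name[MAX_OBJECTS][NAME_LEN];
    bool     domain_live[MAX_DOMAINS];
    bool     object_live[MAX_OBJECTS];
    unsigned rights[MAX_DOMAINS][MAX_OBJECTS];
};

void matrix_init(struct matrix *m) { memset(m, 0, sizeof *m); }

/* Find a live domain (domain == true) or object by name; -1 if absent. */
static int lookup(const struct matrix *m, bool domain, const char *name) {
    int n = domain ? MAX_DOMAINS : MAX_OBJECTS;
    for (int i = 0; i < n; i++) {
        bool live = domain ? m->domain_live[i] : m->object_live[i];
        const char *nm = domain ? m->domain_name[i] : m->object_name[i];
        if (live && strcmp(nm, name) == 0) return i;
    }
    return -1;
}

/* Take a free slot for a new name; -1 if full, duplicate, or name too long. */
static int allocate(struct matrix *m, bool domain, const char *name) {
    int n = domain ? MAX_DOMAINS : MAX_OBJECTS;
    bool *live = domain ? m->domain_live : m->object_live;
    if (strlen(name) >= NAME_LEN || lookup(m, domain, name) >= 0) return -1;
    for (int i = 0; i < n; i++)
        if (!live[i]) {
            strcpy(domain ? m->domain_name[i] : m->object_name[i], name);
            live[i] = true;
            return i;
        }
    return -1;
}

int create_domain(struct matrix *m, const char *d) { return allocate(m, true, d) < 0 ? -1 : 0; }
int create_object(struct matrix *m, const char *o) { return allocate(m, false, o) < 0 ? -1 : 0; }

/* DELETE DOMAIN wipes the row; DELETE OBJECT wipes the column. A slot that
   is reused later therefore starts with no rights at all. */
int delete_domain(struct matrix *m, const char *d) {
    int i = lookup(m, true, d);
    if (i < 0) return -1;
    memset(m->rights[i], 0, sizeof m->rights[i]);
    m->domain_live[i] = false;
    return 0;
}

int delete_object(struct matrix *m, const char *o) {
    int j = lookup(m, false, o);
    if (j < 0) return -1;
    for (int i = 0; i < MAX_DOMAINS; i++) m->rights[i][j] = 0;
    m->object_live[j] = false;
    return 0;
}

/* Resolve (domain, object) to a cell; -1 if either does not exist. */
static int cell(const struct matrix *m, const char *d, const char *o, int *i, int *j) {
    *i = lookup(m, true, d);
    *j = lookup(m, false, o);
    return (*i < 0 || *j < 0) ? -1 : 0;
}

int insert_right(struct matrix *m, const char *d, const char *o, unsigned r) {
    int i, j;
    if (cell(m, d, o, &i, &j) < 0) return -1;
    m->rights[i][j] |= r;
    return 0;
}

int remove_right(struct matrix *m, const char *d, const char *o, unsigned r) {
    int i, j;
    if (cell(m, d, o, &i, &j) < 0) return -1;
    m->rights[i][j] &= ~r;
    return 0;
}

/* The reference-monitor question: may domain d perform every right in r on o?
   An unknown domain or object answers no (fail closed). */
bool has_right(const struct matrix *m, const char *d, const char *o, unsigned r) {
    int i, j;
    if (cell(m, d, o, &i, &j) < 0) return false;
    return (m->rights[i][j] & r) == r;
}

int main(void) {
    struct matrix m;
    matrix_init(&m);
    create_domain(&m, "user");
    create_object(&m, "report");
    insert_right(&m, "user", "report", R_READ);
    printf("user read report: %d, write: %d\n",
           has_right(&m, "user", "report", R_READ), has_right(&m, "user", "report", R_WRITE));
    return 0;
}
```

The row/column wipe on delete is the part worth noticing: a matrix that only flips the `live` flag would let a freshly created object silently inherit whatever rights the previous occupant of that slot had.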
- Domains in Unix
- Domain of a process is defined by its UID and its GID.
- If a process exec's a file that has its SETUID or SETGID bit set, the
process switches to the domain associated with the owner or group of the file.
- A process with enough privileges can change its domain
explicitly:
#include <sys/types.h>
#include <unistd.h>
int setuid(uid_t uid);
int setegid(gid_t egid);
int seteuid(uid_t euid);
int setgid(gid_t gid);
- The kernel has its own set of privileges. During a system call, the
process executes with the kernel's privileges.
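The distinction between the temporary switch (seteuid/setegid, which only moves the effective IDs and can be reversed) and the permanent one (setuid/setgid, which for a privileged process also rewrites the saved IDs) is easy to get wrong, so here is an added example, not from the lecture notes, that uses the calls listed above. Function names are this example's own. It reports whether the process is currently in a domain other than its caller's, switches effective IDs temporarily, and drops privileges for good in the right order with the result checked afterwards.

```c
#define _XOPEN_SOURCE 700   /* makes glibc declare seteuid/setegid */
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>

/* Added example: inspecting and changing the domain (UID/GID) of the
   calling process. */

/* 1 if the effective IDs differ from the real ones, i.e. the process is
   running in a domain it entered through a SETUID/SETGID file or
   seteuid()/setegid(), and could still return to the caller's domain. */
int in_borrowed_domain(void) {
    return getuid() != geteuid() || getgid() != getegid();
}

/* Temporary switch: only the effective IDs change. Calling it again with
   the previous values returns to the earlier domain. 0 on success. */
int switch_effective(uid_t euid, gid_t egid) {
    if (setegid(egid) != 0) return -1;
    if (seteuid(euid) != 0) return -1;
    return (geteuid() == euid && getegid() == egid) ? 0 : -1;
}

/* Permanent switch: a process that started privileged gives that up for
   good. Order matters: setgid() first, because once setuid() has dropped
   root the process may no longer change its group. 0 on success. */
int drop_to_domain(uid_t uid, gid_t gid) {
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify rather than trust: every ID we can observe must be the target.
       For a root caller setuid() also rewrites the saved IDs, so there is
       no way back; for an unprivileged caller only the effective IDs move,
       which is why both real and effective are checked here. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(void) {
    printf("real uid %ld, effective uid %ld, borrowed domain: %s\n",
           (long)getuid(), (long)geteuid(),
           in_borrowed_domain() ? "yes" : "no");
    /* Dropping to the process's own real IDs is always permitted, so this
       runs unprivileged; a setuid-root program would pass the unprivileged
       target IDs here instead. */
    if (drop_to_domain(getuid(), getgid()) != 0) {
        perror("drop_to_domain");
        return 1;
    }
    printf("now in domain uid %ld gid %ld, borrowed domain: %s\n",
           (long)geteuid(), (long)getegid(),
           in_borrowed_domain() ? "yes" : "no");
    return 0;
}
```

A program that calls setuid() before setgid(), or that never re-reads the IDs after the calls, can believe it has left the privileged domain when it has not; checking `in_borrowed_domain()` after the drop is the cheap way to catch that.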
- Multics
- Ring model - the innermost ring has the most privilege.
- Up to 64 rings deep.
- A procedure could have a domain that was a different ring from
that of its caller.
- A trap occurred when one procedure called another that resided
in a different domain.
- Methods of keeping track