HP UX 11i Role-based Access Control (RBAC) Software manual Troubleshooting Fine-Grained Privileges

Models: UX 11i Role-based Access Control (RBAC) Software


The following are compound privileges:

BASIC

Basic privileges available to all processes.

BASICROOT

Privileges that provide powers usually associated with UID=0. These privileges together replace the power of root.

POLICY

Policy override privileges and policy configuration privileges. Policy override privileges override compartment rules. Policy configuration privileges control the configuration of fine-grained privileges.

For a complete list of the privileges in each of the sets described above, refer to privileges(5).

Security Implications of Fine-Grained Privileges

Fine-grained privileges are not propagated across distributed systems; they are applied only on the local system. For example, a process on one system that has PRIV_DACREAD and PRIV_DACWRITE cannot override discretionary restrictions on another system to read or write a file there.

Privilege Escalation

In certain situations, if you grant a process a certain privilege or set of privileges, that process can gain additional privileges that were not explicitly granted to it. This is called privilege escalation. For example, a process with the PRIV_DACWRITE privilege can overwrite critical operating system files and, in the process, can grant itself additional fine-grained privileges.

Fine-Grained Privileges in HP Serviceguard Clusters

Privilege-aware applications can be monitored by HP Serviceguard. There are no changes to Serviceguard package configuration files or Serviceguard package management to support fine-grained privileges. No changes were made in Serviceguard scripts to facilitate the use of fine-grained privileges.

To maintain proper Serviceguard operations when deploying HP-UX 11i Security Containment features to Serviceguard nodes or packages:

Ensure root (UID=0) has full privileges in the INIT compartment.

Ensure fine-grained privileges implementations do not create security risks for Serviceguard clusters.

Troubleshooting Fine-Grained Privileges

If something is not working on your system and you suspect the problem is occurring because of fine-grained privileges, you can check your fine-grained privileges configuration as follows.

Problem 1: Even though fine-grained privileges are assigned to a binary file, processes that use exec() to access the binary are not receiving the assigned fine-grained privileges.

Solution: Check for one of the following situations.

Is the file in question a script?

Any fine-grained privileges assigned to shell scripts are ignored.

Has the file changed since the fine-grained privileges were assigned?

When a file is modified, its fine-grained privilege attributes are lost. Run the following command either before or after you modify the file:

# setfilexsec -d filename
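The two checks for Problem 1 can be scripted. The helper below is an added example and is not part of the HP-UX manual or of HP's tools: it tests whether a file starts with the "#!" interpreter magic (privileges on scripts are ignored), and whether the file's contents differ from a checksum recorded when the privileges were assigned (modification drops the attributes). The sidecar record file, the function names and the demo files are assumptions constructed for the example; on a real HP-UX host the attributes themselves are assigned with setfilexsec as shown above.

```shell
#!/bin/sh
# Added troubleshooting helper; not part of the HP-UX manual or HP's tooling.
# It automates the two checks for a file that should carry fine-grained
# privileges into exec():
#   1. is it an interpreter script?   (privileges on scripts are ignored)
#   2. has it changed since the privileges were assigned?  (attributes lost)
# Check 2 relies on a hypothetical sidecar record, written with cksum(1) at the
# moment setfilexsec was run, so that a later rebuild or edit can be detected.

# is_script FILE: true if FILE begins with the "#!" interpreter magic.
is_script() {
    [ "$(dd if="$1" bs=2 count=1 2>/dev/null)" = "#!" ]
}

# record_checksum FILE RECORD: append "crc size path" for FILE to RECORD.
# Run this right after assigning privileges with setfilexsec.
record_checksum() {
    cksum "$1" >> "$2"
}

# file_changed FILE RECORD: true if FILE has no entry in RECORD or its current
# crc/size pair differs from the last recorded pair.
file_changed() {
    current=$(cksum "$1" 2>/dev/null | awk '{ print $1 " " $2 }')
    recorded=$(awk -v f="$1" '$3 == f { c = $1 " " $2 } END { print c }' "$2" 2>/dev/null)
    [ -z "$recorded" ] || [ "$current" != "$recorded" ]
}

# diagnose FILE RECORD: print a one-line finding and return
#   1 if FILE is a script, 2 if it changed since it was recorded, 0 otherwise.
diagnose() {
    if is_script "$1"; then
        echo "$1: interpreter script, fine-grained privileges on scripts are ignored"
        return 1
    fi
    if file_changed "$1" "$2"; then
        echo "$1: differs from recorded checksum, attributes were lost on modification; re-run setfilexsec"
        return 2
    fi
    echo "$1: not a script and unchanged since privileges were recorded"
    return 0
}

# --- constructed demo files (stand-ins, not real HP-UX binaries) ---
demo=$(mktemp -d)
record="$demo/fgp-record.txt"          # hypothetical sidecar record
printf '#!/bin/sh\necho hello\n' > "$demo/wrapper.sh"
printf 'stand-in for a privileged binary\n' > "$demo/tool"
cp "$demo/tool" "$demo/tool_rebuilt"
record_checksum "$demo/tool" "$record"
record_checksum "$demo/tool_rebuilt" "$record"
printf 'rebuilt after privileges were assigned\n' >> "$demo/tool_rebuilt"

for f in wrapper.sh tool tool_rebuilt; do
    diagnose "$demo/$f" "$record"
done
```

Run the script as-is to see the three findings; in practice you would call record_checksum immediately after each setfilexsec assignment and diagnose whenever a privileged binary stops behaving as expected. The checksum record is a convenience for spotting a rebuilt binary; it does not replace re-running setfilexsec on the modified file.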
