The Design and Implementation of a Linux Kernel Module for File Descriptor Revocation
5 Pages Posted: 31 Jul 2019
Date Written: July 31, 2019
Privilege separation systems implemented in applications such as Chromium and the OpenSSH Daemon (SSHD) are complex and cumbersome because they have to be built on top of traditional Access Control List (ACL) systems. Properties such as least-privilege operation, along with effective solutions to problems that plague ACL-based implementations, such as the Confused Deputy problem, make capabilities much more capable than the Mandatory Access Control (MAC) / Discretionary Access Control (DAC) systems currently used within POSIX systems for implementing privilege-separated applications. While some work has been done on integrating a capability system into Linux, the final implementation provided a solution for only a specific subset of the problems that a typical capability-based system addresses. We provide a kernel module that enhances Linux File Descriptors (FDs) with a revocation property; while this serves as a starting point for future refinements and improvements toward a full capability system, it also provides sufficient advantages to existing workflows that involve privilege separation.
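To make the gap the module closes concrete, here is an added example (not code from the paper) showing that in stock Linux a descriptor delegated to another process via SCM_RIGHTS survives the sender closing all of its own copies, so the delegating process has no revocation primitive. It assumes a Linux host; the helper names send_fd, recv_fd and delegated_fd_survives_close are this example's own.

```c
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/wait.h>
/* Pass one descriptor over a unix socket as SCM_RIGHTS ancillary data. */
static int send_fd(int sock, int fd) {
    char byte = 'x', cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}
/* Receive it: the new fd shares the open file description; nothing lets the sender revoke it later. */
static int recv_fd(int sock) {
    char byte, cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_type != SCM_RIGHTS) return -1;
    int fd; memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}
/* Returns 1 if the child still reads the pipe after the parent closed every
   copy it held of the delegated descriptor (the parent cannot revoke it). */
int delegated_fd_survives_close(void) {
    int sv[2], pfd[2], status;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) || pipe(pfd)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                                   /* child: delegatee */
        close(sv[0]); close(pfd[0]); close(pfd[1]);   /* drop inherited copies */
        int fd = recv_fd(sv[1]);
        char go, buf[8];
        if (read(sv[1], &go, 1) != 1) _exit(2);       /* wait for "revocation" */
        ssize_t n = read(fd, buf, sizeof buf);        /* still succeeds */
        _exit(n == 6 && memcmp(buf, "secret", 6) == 0 ? 0 : 1);
    }
    close(sv[1]);
    if (write(pfd[1], "secret", 6) != 6 || send_fd(sv[0], pfd[0])) return -1;
    close(pfd[0]); close(pfd[1]);      /* the parent's only way to "revoke" */
    if (write(sv[0], "g", 1) != 1) return -1;
    waitpid(pid, &status, 0);
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}
```

A kernel-side revocation mechanism, as the paper proposes, is what would let the parent invalidate the child's copy here instead of merely closing its own.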
Keywords: Privilege Separation, Capability, File Descriptor, Revocation, Kernel Module