Abstract
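Traditional Linux local user management has several security problems. For example, because user information management is implemented in the application layer, the password file /etc/shadow can only be accessed and modified by root; to let ordinary users perform operations that require privilege, such as changing their own passwords, the set uid/set gid mechanism was introduced, and as a result buffer overflow vulnerabilities in set uid/set gid programs expose the system to serious security threats. To address this, we designed a new secure user management mechanism that manages user information in the kernel, provides user information access and identity switching services through system calls, eliminates set uid/set gid, simplifies the security design, and improves system security.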
Traditional Linux local user management has some security problems: as user information management is implemented by the application layer, the password file /etc/shadow can only be accessed by root, but normal users need privileges to change their passwords, so the set uid/set gid mechanism was designed; however, set uid/set gid programs that have buffer overflows can seriously threaten system security. We design a new secure user management mechanism, which manages user information in kernel space, supplies user information access and identity switch services through system calls, eliminates the set uid/set gid mechanism, simplifies security design and improves system security.
Source
Journal of Jilin Normal University: Natural Science Edition (《吉林师范大学学报(自然科学版)》)
2012, Issue 3, pp. 94-97 (4 pages)