Questions tagged [privilege-separation]

Privilege separation is the design pattern of breaking a system into components such that each component can be granted a smaller set of permissions than a combined system would need, thereby restricting the capabilities of an attacker who compromises any one component.

15 questions
8
votes
3 answers

Difference between root login and passwordless sudo

Cloud images of some popular operating systems do not let the user log in as root, yet they use a very standard user name (for example ec2-user, ubuntu) and allow these users to use passwordless sudo. What is the reason for this choice? Is it…
Julian
5
votes
2 answers

Isn't separating privileges less useful on a PC, as all my critical data is in my normal user account?

Separating privileges, i.e. using a non-admin account and escalating only when needed, seems to be something everyone agrees on. I can roughly understand why it's important on every system: prevent an attacker from modifying the system and taking…
Hey
5
votes
4 answers

Node.js REST server running as root

I am building a REST API server using Node.js and Express, that will allow you to turn any Linux server into a NAS. I have several fileExec which basically spawns a shell and executes a BASH command (Like pvs, pvcreate, lvs, vgs, etc). Most of these…
InitEnabler
4
votes
2 answers

How could malware disable third party security software?

I'm asking this question with the assumption that anything the user can do, so can malware. I'm using a third party firewall on my system to control which programs are able to access the internet. However I notice that I - as a limited user - am…
4
votes
1 answer

Drop privileges after startup or start as unprivileged user?

Given a service that needs access to some secrets from a config file to start, I can imagine three approaches: 1) Keep the file readable only by root. Start the process as root, read the config and drop privileges. 2) Keep the file readable only by…
3
votes
2 answers

Why are Protection Rings called rings?

Protection rings are different privilege levels granted to software, with the kernel being the most privileged, applications the least privileged, and drivers somewhere in between. My question is why are they called rings? (as opposed to privilege…
LemonPi
3
votes
1 answer

How can you securely use a cloud-based CI/CD server?

I'm looking at using a cloud-based continuous deployment server to push production code for my application. Because it's a cloud based server, this requires me to give them a private SSH key that has access to push the appropriate files to my…
Hetul Patel
3
votes
2 answers

Separation of Duties using RBAC

I'm reading an article about Role based Access Control, in section 6 (Separation of Duties) I didn't understand this part : Separation of duty can be either static or dynamic. Compliance with static separation requirements can be determined…
Bilal
2
votes
1 answer

Windows service with elevated privileges - Security concern

The company I work at uses a program on their Windows workstations that runs as the logged-in user but some tasks require elevated privileges. The user must be able to run these without having admin permissions himself. The current approach is that…
etw0
1
vote
1 answer

Security difference between changing permissions versus using sudo to execute

If there is a program written by a normal user that requires root privileges (eg. a program that interacts with root processes) what is the difference between running this program using sudo vs. changing the program permissions with chown root and…
1
vote
3 answers

Is there really any benefit in having a separate local admin account

I have been thinking of implementing a new practice where local admin privileges are disabled entirely from all endpoints. For users who need to elevate privileges, they will have a separate admin account dedicated and restricted only to the local…
1
vote
0 answers

Authorise access to hierarchical data

Consider a scenario in which you offer service access based on a hierarchy of authority, i.e., a HEAD can register his subordinates. The authenticated HEAD has the privilege to read and update data from all of his subordinates. Is there an…
1
vote
2 answers

Best practice on Windows domains: To have a separate admin account or not?

On Linux, we enforce least privilege through sudo. This gives the best of both worlds: Passwords and accounts are for a person, as they should be, not a role. But we lower risk and exposure by only using privileges when we need them. Windows…
1
vote
1 answer

Is it possible to separate DRA decryption abilities?

In the name of separation of duties, I was wondering if there is a simple (or even not-so-simple) way of dividing the ability to decrypt an EFS encrypted file such that it would require two DRAs to decrypt the file, while still enabling the owner of…
1
vote
2 answers

How does separating concerns into separate processes (without enforcement) help security?

In this talk on privilege separation, Theo de Raadt explains that OpenBSD's ntpd has a master process which calls settimeofday(), a DNS process responsible for querying DNS servers, and an NTP protocol process which is responsible for speaking UDP…