Implementing an authorization policy on I/O level in GNU/Linux

dc.contributor.author: Green, Jean-Philippe
dc.contributor.author: Holmberg, Mattias
dc.contributor.author: Levenstam, Filip
dc.contributor.author: Tillström, Tobias
dc.contributor.department [sv]: Chalmers tekniska högskola / Institutionen för data- och informationsteknik (Chalmers)
dc.contributor.department [en]: Chalmers University of Technology / Department of Computer Science and Engineering (Chalmers)
dc.date.accessioned: 2019-07-03T13:31:33Z
dc.date.available: 2019-07-03T13:31:33Z
dc.date.issued: 2014
dc.description.abstract: The purpose of this project has been to implement enhanced functionality for privileged file operations when using graphical programs in the GNU/Linux operating system. Today, administrative tasks are done by acquiring privileges before the program in question is started. One goal of this thesis is to show how to make administration easier, by instead requesting authentication when an operation is to be performed. When working with a text editor such as Gedit, it is often possible to open system files and make changes to the loaded text. Saving these changes will, however, be impossible, due to the user not having write permission on the file. The ideas presented in this report will give the user the possibility of having this action authorized, making it possible to save. Implementations of these ideas can also enhance the security of the system by allowing less code to be run with elevated privileges. Instead of running Gedit with higher privileges, only the operation to save the changes will be done privileged. Less code running with the power to change system files means that if a vulnerability is found in some part of the system, there is less risk of an attacker using it for an intrusion. The results of this project are twofold: (1) A mechanism has been created for changing a user’s permissions on a file. This acts as a helper program for other programs to use when lacking permissions on a certain file. This helper program uses Polkit for authentication and, if the user is authorized, elevates the user’s permissions on the affected file. The program can now continue to perform the requested file operation. The user’s permissions on the files will be restored after a set amount of time. (2) The other result consists of guidelines on how to complete this task without changing any permissions on files. Instead, this alternative solution can offer the same functionality in a more straightforward way. This is done by relaying the file operations to a custom-made backend.
dc.identifier.uri: https://hdl.handle.net/20.500.12380/203643
dc.language.iso: eng
dc.setspec.uppsok: Technology
dc.subject: Data- och informationsvetenskap
dc.subject: Computer and Information Science
dc.title: Implementing an authorization policy on I/O level in GNU/Linux
dc.type.degree [sv]: Examensarbete för kandidatexamen
dc.type.degree [en]: Bachelor Thesis
dc.type.uppsok: M2
local.programme: Datateknik 300 hp (civilingenjör)

Original bundle

Name: 203643.pdf
Size: 1.17 MB
Format: Adobe Portable Document Format
Description: Fulltext