Plan 9 authentication in Linux

In Linux, applications like su and login currently run as root in order to access authentication information and set or alter the identity of the process. In such cases, if the application is compromised while running as a privileged user, the entire system can become vulnerable. An alternative approach is taken by the Plan 9 operating system from Bell Labs, which runs such applications as a non-privileged user and relies on a kernel-based capability device working in coordination with an authentication server to provide the same services. This avoids the risk of an application vulnerability becoming a system vulnerability. This paper discusses the extension of Linux authentication mechanisms to allow the use of the Plan 9 approach with existing Linux applications in order to reduce the security risks mentioned earlier. It describes the port of the Plan 9 capability device as a character device driver for the Linux kernel. It also describes the port of the Plan 9 authentication server...
Ashwin Ganti
Added 15 Dec 2010
Updated 15 Dec 2010
Type Journal
Year 2008
Authors Ashwin Ganti