BritishTeapot 4ce97555e4 Fixed a testing bug
The script was correctly opening the `truth` file by piping `echo` to
it, but then it tried to deny another operation on it. But since pipes
are opened by the script process, the permission was given to the
script. And since the permissions are preserved for the entire runtime
of a process, and child processes inherit permissions of their parents,
any command executed later would also have the necessary permissions to
open `truth` (which was the case for the second operation). Now the
second operation is performed on a different file.
2025-03-24 17:17:33 +01:00
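The inheritance effect described in the commit message above, as an added example (a constructed model, not ICFS source code): grants persist for a process and are inherited by its children, so an operation on `truth` by a command the script runs later is never prompted for. The PIDs, the process tree, the function names and the file name `other_file` are assumptions made for illustration.

```c
/* Added model of the behaviour described in the commit message; not ICFS source. */
#include <stdio.h>
#include <string.h>

struct proc  { int pid, ppid; };
struct grant { int pid; const char *path; };

/* Constructed process tree: the test script (100), a command it runs (101),
 * and an unrelated process (200). */
static const struct proc procs[] = { {1, 0}, {100, 1}, {101, 100}, {200, 1} };
static struct grant grants[8];
static int n_grants;

static int parent_of(int pid) {
    for (size_t i = 0; i < sizeof procs / sizeof procs[0]; i++)
        if (procs[i].pid == pid) return procs[i].ppid;
    return 0;
}

/* Record that the user allowed `pid` to open `path` for the rest of its runtime. */
void grant_access(int pid, const char *path) {
    if (n_grants < 8) grants[n_grants++] = (struct grant){ pid, path };
}

/* A process is allowed if it, or any of its ancestors, holds a grant for the path. */
int is_allowed(int pid, const char *path) {
    for (; pid != 0; pid = parent_of(pid))
        for (int i = 0; i < n_grants; i++)
            if (grants[i].pid == pid && strcmp(grants[i].path, path) == 0)
                return 1;
    return 0;
}

/* Returns 1 if the second operation would still prompt the user (and so can be denied). */
int second_op_prompts(const char *second_path) {
    n_grants = 0;
    grant_access(100, "truth");           /* echo piped into truth: opened by the script process */
    return !is_allowed(101, second_path); /* command executed later by the script */
}

int main(void) {
    printf("second op on truth prompts:      %d\n", second_op_prompts("truth"));
    printf("second op on other_file prompts: %d\n", second_op_prompts("other_file"));
    return 0;
}
```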

ICFS -- Interactively Controlled File System

Motivation

Traditional access control mechanisms in operating systems allow the same level of access to all processes running on behalf of the same user. This typically enables malicious processes to read and/or modify all data accessible to the user running a vulnerable application. This can be dealt with using various mandatory access control mechanisms, but these are often complicated to configure and are rarely used in common user-oriented scenarios. This thesis focuses on the design and implementation of a file system layer which delegates to the user the decision to allow or deny access to a file system object by a specific process.

Goals

  • Analyze the problem and design a solution
  • Implement the solution using the FUSE framework
  • Test the solution and demonstrate its benefits

Building

  • Install dependencies
    • libfuse3
      • Debian: sudo apt install fuse3 libfuse3-dev
    • zenity
      • Debian: sudo apt install zenity
    • Build tools
      • Debian: sudo apt install gcc make pkg-config
  • Build using make:
    • In the project directory: make
    • Use make DEBUG=1 for testing.
  • Resulting binaries should appear in the build directory.

Usage

icfs <FUSE arguments> [target directory]

The filesystem will be mounted over the target directory, and will ask the user for permission every time a file in that directory is opened.

Docs

Credit

Student: Fedir Kovalov

Supervisor: RNDr. Jaroslav Janáček, PhD.

Description
Filesystem with Interactive Access Control for Linux
Readme GPL-2.0 780 KiB
Languages
C 96.7%
Shell 2%
Makefile 1.3%