Operating Systems 2017F Lecture 22: Difference between revisions

From Soma-notes
Aleksp (talk | contribs)
 
Line 84: Line 84:
Virtualization : not one thing , vm ware, system which run multiple of kernels.
Virtualization : not one thing , vm ware, system which run multiple of kernels.
SSH question student asked, how can they know that they have the private key belongs to the pubkey it belongs to: sends a public key or a hash of th Pubkey , then an exchange : yes I have a secret key which can be inverted by the pubkey. Private key must be corresponding. encrypts with thr private key and sends it back
SSH question student asked, how can they know that they have the private key belongs to the pubkey it belongs to: sends a public key or a hash of th Pubkey , then an exchange : yes I have a secret key which can be inverted by the pubkey. Private key must be corresponding. encrypts with thr private key and sends it back
Lecture 22
'''Synopsis''': UID, GUID, EUID, setuid, setguid
What is and isn't permitted on a Linux system?
* a file we create has a user ID and group ID
** i.e. $ touch
** $ which touch
** $ ls -la /bin/touch
::* touch is owned by root, but has global execute permissions
* fork and execve don't change the user ID of a process
* when we create a file, system checks user ID/group ID under which a process is running
::* if we want to create a file somewhere
::* check permissions on the dir
==== N.B. ====
* on a dir, execute permissions means you can follow the links on the dir; write permissions mean we can create a file
* to change contents of a directory (i.e. remove a file), the permissions on the file don't matter -> the permissions on the directory do!
:* Read permissions let us read the dir, obtain all the file names contained within
:* Execute permission lets us pass through the dir when we need to search it to look for a specific filename
:* To create a new file in a directory, we need to have write and execute permissions
:::* exceptions to this:
::::* $ /etc/passwd
::::* $ ls -la /etc/passwd
::::* we have a process running as root, to which we can send a message/request using IPC and request a change
* how to start up a process that has more privilages than we do? -> effective UID
** EUID can be set by special permissions -> sticky bits
*** after an execve the resulting process will have it's group and user ID set accordingly
*** setting the sticky bit, causes the binary to run as that user
**** any files created will have the user's group

Latest revision as of 16:58, 7 December 2017

Video

Lecture 22 Video

Notes

In Class

Lecture 22
----------

What's left?

* scheduling
* device drivers
* virtual memory
  - page replacement algorithms
    - predict the future (optimal)
    - least recently used
    - one-handed, two-handed clocks
* power management
* security
  - hardening processes so coding errors don't lead to vulnerabilities
    (machine code injection, e.g. buffer overflow attacks)

* virtualization
  - hardware-level  (run multiple kernels)  <-- vmware, openstack
  - OS-level        (run multiple userspaces) <-- containers, web hosting
  - application level (run programs on simulated machines)
     - JVM
     - JavaScript runtime in browsers/node
 
* distributed operating systems



ADDITIONAL NOTES :


Comp 3000 Premissions on this directory, readable writable and executable Execute permission on a Regular file : you can execute Execute permission on a directory : follow the links on the directory Can’t make any changes to the directory if you can’t write There are exceptions : Less/etc/passwd: doesn’t actually store the password

if you want to change this file, you must have a way to allow limited editing to this. 

 You can have a process running as root and send it signals and tell it to update the entry in the password file. o Starting up a process which has more privileges which I can do , ex: EUID Ls –la /sbin | grep rws : execve EUID will be set to whatever it is from the file . equal to the uid Ls –la /sbin | grep r-s: s is a sticky bit, if you need extra premissions You want your stcky bit to be a regular user Euid = uid yes Cd /tmp : directory in which everyone can write This allows binaries run as users Set uid and get guid : Myid has euid now Change the ownership - > chown root : root myid - >chown root : root mytouch Ls –la : 3rd column identifies the ownership of each file on the file system You can overwrite any file on the fille system using mytouch binary Question : why can you remove file owned by root? - > to change the context of the directory , the permissions of a file don’t matter but the permissions and privileges of the directory only matter o Someone putting a directory in ur directory is hard to remove - Ssh to a remote serve : - 2 public keys involved: identity key, private key pair: one in the known host file (connecting to the machine). - If you rm _known host and do ssh , a question will ask you to add the key to ur host file - What happens if a person tries to personate your machine (same IP address)? o It will identity it is a fake person from the host First line is a Hashed versionof an IP address : cat .ssh/known_host Ssh demon : running in the background and must have a public key to identify its self. process that runs in the background that doesn’t run in the background(connects 1 file system to another) - > connects sockets and listens to connect. Doesn’t interact with user Thursday: written version of the solutions for the midterm and we will talk about assignment 4 3000 class content We didn’t discuss scheduling much : Virtual memory: similar to scheduling since, If you don’t have enough memory , you delete the page that you may want to need at last . Choosing which pages you replace : one-handed and two-handed clocks Power management Security Virtualization : not one thing , vm ware, system which run multiple of kernels. SSH question student asked, how can they know that they have the private key belongs to the pubkey it belongs to: sends a public key or a hash of th Pubkey , then an exchange : yes I have a secret key which can be inverted by the pubkey. Private key must be corresponding. encrypts with thr private key and sends it back


Lecture 22


Synopsis: UID, GUID, EUID, setuid, setguid

What is and isn't permitted on a Linux system?

  • a file we create has a user ID and group ID
    • i.e. $ touch
    • $ which touch
    • $ ls -la /bin/touch
  • touch is owned by root, but has global execute permissions
  • fork and execve don't change the user ID of a process
  • when we create a file, system checks user ID/group ID under which a process is running
  • if we want to create a file somewhere
  • check permissions on the dir


N.B.

  • on a dir, execute permissions means you can follow the links on the dir; write permissions mean we can create a file
  • to change contents of a directory (i.e. remove a file), the permissions on the file don't matter -> the permissions on the directory do!
  • Read permissions let us read the dir, obtain all the file names contained within
  • Execute permission lets us pass through the dir when we need to search it to look for a specific filename
  • To create a new file in a directory, we need to have write and execute permissions
  • exceptions to this:
  • $ /etc/passwd
  • $ ls -la /etc/passwd
  • we have a process running as root, to which we can send a message/request using IPC and request a change


  • how to start up a process that has more privilages than we do? -> effective UID
    • EUID can be set by special permissions -> sticky bits
      • after an execve the resulting process will have it's group and user ID set accordingly
      • setting the sticky bit, causes the binary to run as that user
        • any files created will have the user's group