next up previous
Next: Bell LaPadula Model Up: Protection Previous: PC Rings

Unix SETUID

Unix provides a simplified version of the Multics access control mechanism to change the access rights of a process dynamically. A process can switch between user and kernel mode. Moreover, in user mode, a process executing with the access rights of one user, when it executes a file owned by another user gets the access rights of the second user if a bit (called SETUID) in the object file is on (that is, in the PC language, it is a non-conforming file.) This feature supports rights amplification and easily handles the mail example. The mail program is owned by root and has its SETUID bit on. When the command interpreter subprocess forked to process the `mail command' executes the mail program it acquires the access rights of root and can create/modify a file (owned by the receiver) in the directory `/usr/spool/mail'.



Prasun Dewan
Thu May 4 10:41:22 EDT 2000