Hardened/Grsecurity Trusted Path Execution

From Gentoo Wiki
Revision as of 21:39, 24 May 2014 by Jotik (Talk | contribs)

Jump to: navigation, search

TPE tends to be one of the harder to understand parts of GRSecurity as options like invert GID can be confusing at times. In this documents we explain how each possible TPE setup behaves and summarize it with the results of a simple test suite.

Introduction

Trusted Path Execution (TPE) is a protection which restricts the execution of files under certain circumstances determined by their path. Using it will make privilege escalation harder when an account restricted by TPE is compromised as the attacker won't be able to execute custom binaries which are not in the trusted path.

You can also enable a weaker restriction which will prevent race conditions on code executed by non root users. This weaker condition makes non-root users able to run only executables on directories owned by them or root and writeable only by the owner.

To explain how TPE works we will first explain what each kernel option does, and then show the results with an example.

Note
Bare in mind that TPE just makes file execution more restrictive so files without the execute permission will be non executable regardless of the TPE status.

The different setups

No TPE

Here TPE is disabled. So it won't won't affect the executable permissions.

CodeSetup 1 (No TPE)

-> Security options
  -> Grsecurity
    -> Grsecurity
      -> Executable Protections
        [ ] Trusted Path Execution (TPE)

Basic TPE

Here we use the minimal setup of TPE. With it all the users in the group with the indicated GID (100 by default) will be able to execute only files in root owned directories writable only by root (and nothing more).

Kernel configurationSetup 2 (Basic)

-> Security options
  -> Grsecurity
    -> Grsecurity
      -> Executable Protections
        [*] Trusted Path Execution (TPE)
        [ ]   Partially restrict all non-root users
        [ ]   Invert GID option
        (100)   GID for untrusted users

TPE with with partial restrictions

Now we also enable the partial restriction, this means that now aside from the previous restriction, we now add another for the non-root users not affected by it which will allow execution only in root owned directories writable only by root and directories owned by the executing user which aren't group writable nor world writable (and nothing more).

Kernel configurationSetup 3 (with partial retriction)

-> Security options
  -> Grsecurity
    -> Grsecurity
      -> Executable Protections
        [*] Trusted Path Execution (TPE)
        [*]   Partially restrict all non-root users
        [ ]   Invert GID option
        (100)   GID for untrusted users

TPE with with inverted gid match

Now, we enabled the invert GID option, so now all the users not in the group with the indicated GID (100 by default) will be able to execute only files in root owned directories writable only by root (and nothing more).

Kernel configurationSetup 4 (with inverted GID match)

-> Security options
  -> Grsecurity
    -> Grsecurity
      -> Executable Protections
        [*] Trusted Path Execution (TPE)
        [ ]   Partially restrict all non-root users
        [*]   Invert GID option
        (100)   GID for trusted users

TPE with with partial restrictions and inverted gid match

Again we also enable the partial restriction, this means that now aside from the previous restriction, we now add another for the non-root users not affected by it which will allow execution only in root owned directories writable only by root and directories owned by the executing user which aren't group writable nor world writable (and nothing more).

Kernel configurationSetup 5 (with inverted GID match and partial restriction)

-> Security options
  -> Grsecurity
    -> Grsecurity
      -> Executable Protections
        [*] Trusted Path Execution (TPE)
        [*]   Partially restrict all non-root users
        [*]   Invert GID option
        (100)   GID for trusted users

Testing the different restrictions

To make things even clearer we have executed a small test suite on each of the possible setups.

The test suite

The test suite consist of a series of directories with different names each with different permissions and ownership. These directories have exactly the same contents: a set of files again with different permissions and ownership each. The files are just a simple bash script printing OK.

CodeExample directory structure

.:
total 48
drwxr-xr-x 2 root  root  4096 ene  6 22:51 01
drwxr-xrwx 2 root  root  4096 ene  6 22:51 02
drwxrwxr-x 2 root  root  4096 ene  6 22:51 03
drwxrwxrwx 2 root  root  4096 ene  6 22:51 04
drwxr-xr-x 2 user1 user1 4096 ene  6 22:51 05
drwxr-xrwx 2 user1 user1 4096 ene  6 22:51 06
drwxrwxr-x 2 user1 user1 4096 ene  6 22:51 07
drwxrwxrwx 2 user1 user1 4096 ene  6 22:51 08
drwxr-xr-x 2 user2 user2 4096 ene  6 22:51 09
drwxr-xrwx 2 user2 user2 4096 ene  6 22:51 10
drwxrwxr-x 2 user2 user2 4096 ene  6 22:51 11
drwxrwxrwx 2 user2 user2 4096 ene  6 22:51 12
  
./01:
total 48
-rwxrwxrwx 1 root  root  22 ene  6 22:59 01
-rwxr-xrwx 1 root  root  22 ene  6 22:59 02
-rwxrwxr-x 1 root  root  22 ene  6 22:59 03
-rwxr-xr-x 1 root  root  22 ene  6 22:59 04
-rwxrwxrwx 1 user2 user2 22 ene  6 22:59 05
-rwxr-xrwx 1 user2 user2 22 ene  6 22:59 06
-rwxrwxr-x 1 user2 user2 22 ene  6 22:59 07
-rwxr-xr-x 1 user2 user2 22 ene  6 22:59 08
-rwxrwxrwx 1 user1 user1 22 ene  6 22:59 09
-rwxr-xrwx 1 user1 user1 22 ene  6 22:59 10
-rwxrwxr-x 1 user1 user1 22 ene  6 22:59 11
-rwxr-xr-x 1 user1 user1 22 ene  6 22:59 12
  
./02:
total 48
-rwxrwxrwx 1 root  root  22 ene  6 22:59 01
-rwxr-xrwx 1 root  root  22 ene  6 22:59 02
-rwxrwxr-x 1 root  root  22 ene  6 22:59 03
-rwxr-xr-x 1 root  root  22 ene  6 22:59 04
-rwxrwxrwx 1 user2 user2 22 ene  6 22:59 05
-rwxr-xrwx 1 user2 user2 22 ene  6 22:59 06
-rwxrwxr-x 1 user2 user2 22 ene  6 22:59 07
-rwxr-xr-x 1 user2 user2 22 ene  6 22:59 08
-rwxrwxrwx 1 user1 user1 22 ene  6 22:59 09
-rwxr-xrwx 1 user1 user1 22 ene  6 22:59 10
-rwxrwxr-x 1 user1 user1 22 ene  6 22:59 11
-rwxr-xr-x 1 user1 user1 22 ene  6 22:59 12
  
./03:
total 48
-rwxrwxrwx 1 root  root  22 ene  6 22:59 01
-rwxr-xrwx 1 root  root  22 ene  6 22:59 02
-rwxrwxr-x 1 root  root  22 ene  6 22:59 03
-rwxr-xr-x 1 root  root  22 ene  6 22:59 04
-rwxrwxrwx 1 user2 user2 22 ene  6 22:59 05
-rwxr-xrwx 1 user2 user2 22 ene  6 22:59 06
-rwxrwxr-x 1 user2 user2 22 ene  6 22:59 07
-rwxr-xr-x 1 user2 user2 22 ene  6 22:59 08
-rwxrwxrwx 1 user1 user1 22 ene  6 22:59 09
-rwxr-xrwx 1 user1 user1 22 ene  6 22:59 10
-rwxrwxr-x 1 user1 user1 22 ene  6 22:59 11
-rwxr-xr-x 1 user1 user1 22 ene  6 22:59 12
  
./04:
total 48
-rwxrwxrwx 1 root  root  22 ene  6 22:59 01
-rwxr-xrwx 1 root  root  22 ene  6 22:59 02
-rwxrwxr-x 1 root  root  22 ene  6 22:59 03
-rwxr-xr-x 1 root  root  22 ene  6 22:59 04
-rwxrwxrwx 1 user2 user2 22 ene  6 22:59 05
-rwxr-xrwx 1 user2 user2 22 ene  6 22:59 06
-rwxrwxr-x 1 user2 user2 22 ene  6 22:59 07
-rwxr-xr-x 1 user2 user2 22 ene  6 22:59 08
-rwxrwxrwx 1 user1 user1 22 ene  6 22:59 09
-rwxr-xrwx 1 user1 user1 22 ene  6 22:59 10
-rwxrwxr-x 1 user1 user1 22 ene  6 22:59 11
-rwxr-xr-x 1 user1 user1 22 ene  6 22:59 12
  
./05:
total 48
-rwxrwxrwx 1 root  root  22 ene  6 22:59 01
-rwxr-xrwx 1 root  root  22 ene  6 22:59 02
-rwxrwxr-x 1 root  root  22 ene  6 22:59 03
-rwxr-xr-x 1 root  root  22 ene  6 22:59 04
-rwxrwxrwx 1 user2 user2 22 ene  6 22:59 05
-rwxr-xrwx 1 user2 user2 22 ene  6 22:59 06
-rwxrwxr-x 1 user2 user2 22 ene  6 22:59 07
-rwxr-xr-x 1 user2 user2 22 ene  6 22:59 08
-rwxrwxrwx 1 user1 user1 22 ene  6 22:59 09
-rwxr-xrwx 1 user1 user1 22 ene  6 22:59 10
-rwxrwxr-x 1 user1 user1 22 ene  6 22:59 11
-rwxr-xr-x 1 user1 user1 22 ene  6 22:59 12
  
./06:
total 48
-rwxrwxrwx 1 root  root  22 ene  6 22:59 01
-rwxr-xrwx 1 root  root  22 ene  6 22:59 02
-rwxrwxr-x 1 root  root  22 ene  6 22:59 03
-rwxr-xr-x 1 root  root  22 ene  6 22:59 04
-rwxrwxrwx 1 user2 user2 22 ene  6 22:59 05
-rwxr-xrwx 1 user2 user2 22 ene  6 22:59 06
-rwxrwxr-x 1 user2 user2 22 ene  6 22:59 07
-rwxr-xr-x 1 user2 user2 22 ene  6 22:59 08
-rwxrwxrwx 1 user1 user1 22 ene  6 22:59 09
-rwxr-xrwx 1 user1 user1 22 ene  6 22:59 10
-rwxrwxr-x 1 user1 user1 22 ene  6 22:59 11
-rwxr-xr-x 1 user1 user1 22 ene  6 22:59 12
  
./07:
total 48
-rwxrwxrwx 1 root  root  22 ene  6 22:59 01
-rwxr-xrwx 1 root  root  22 ene  6 22:59 02
-rwxrwxr-x 1 root  root  22 ene  6 22:59 03
-rwxr-xr-x 1 root  root  22 ene  6 22:59 04
-rwxrwxrwx 1 user2 user2 22 ene  6 22:59 05
-rwxr-xrwx 1 user2 user2 22 ene  6 22:59 06
-rwxrwxr-x 1 user2 user2 22 ene  6 22:59 07
-rwxr-xr-x 1 user2 user2 22 ene  6 22:59 08
-rwxrwxrwx 1 user1 user1 22 ene  6 22:59 09
-rwxr-xrwx 1 user1 user1 22 ene  6 22:59 10
-rwxrwxr-x 1 user1 user1 22 ene  6 22:59 11
-rwxr-xr-x 1 user1 user1 22 ene  6 22:59 12
   
./08:
total 48
-rwxrwxrwx 1 root  root  22 ene  6 22:59 01
-rwxr-xrwx 1 root  root  22 ene  6 22:59 02
-rwxrwxr-x 1 root  root  22 ene  6 22:59 03
-rwxr-xr-x 1 root  root  22 ene  6 22:59 04
-rwxrwxrwx 1 user2 user2 22 ene  6 22:59 05
-rwxr-xrwx 1 user2 user2 22 ene  6 22:59 06
-rwxrwxr-x 1 user2 user2 22 ene  6 22:59 07
-rwxr-xr-x 1 user2 user2 22 ene  6 22:59 08
-rwxrwxrwx 1 user1 user1 22 ene  6 22:59 09
-rwxr-xrwx 1 user1 user1 22 ene  6 22:59 10
-rwxrwxr-x 1 user1 user1 22 ene  6 22:59 11
-rwxr-xr-x 1 user1 user1 22 ene  6 22:59 12
  
./09:
total 48
-rwxrwxrwx 1 root  root  22 ene  6 22:59 01
-rwxr-xrwx 1 root  root  22 ene  6 22:59 02
-rwxrwxr-x 1 root  root  22 ene  6 22:59 03
-rwxr-xr-x 1 root  root  22 ene  6 22:59 04
-rwxrwxrwx 1 user2 user2 22 ene  6 22:59 05
-rwxr-xrwx 1 user2 user2 22 ene  6 22:59 06
-rwxrwxr-x 1 user2 user2 22 ene  6 22:59 07
-rwxr-xr-x 1 user2 user2 22 ene  6 22:59 08
-rwxrwxrwx 1 user1 user1 22 ene  6 22:59 09
-rwxr-xrwx 1 user1 user1 22 ene  6 22:59 10
-rwxrwxr-x 1 user1 user1 22 ene  6 22:59 11
-rwxr-xr-x 1 user1 user1 22 ene  6 22:59 12
  
./10:
total 48
-rwxrwxrwx 1 root  root  22 ene  6 22:59 01
-rwxr-xrwx 1 root  root  22 ene  6 22:59 02
-rwxrwxr-x 1 root  root  22 ene  6 22:59 03
-rwxr-xr-x 1 root  root  22 ene  6 22:59 04
-rwxrwxrwx 1 user2 user2 22 ene  6 22:59 05
-rwxr-xrwx 1 user2 user2 22 ene  6 22:59 06
-rwxrwxr-x 1 user2 user2 22 ene  6 22:59 07
-rwxr-xr-x 1 user2 user2 22 ene  6 22:59 08
-rwxrwxrwx 1 user1 user1 22 ene  6 22:59 09
-rwxr-xrwx 1 user1 user1 22 ene  6 22:59 10
-rwxrwxr-x 1 user1 user1 22 ene  6 22:59 11
-rwxr-xr-x 1 user1 user1 22 ene  6 22:59 12
  
./11:
total 48
-rwxrwxrwx 1 root  root  22 ene  6 22:59 01
-rwxr-xrwx 1 root  root  22 ene  6 22:59 02
-rwxrwxr-x 1 root  root  22 ene  6 22:59 03
-rwxr-xr-x 1 root  root  22 ene  6 22:59 04
-rwxrwxrwx 1 user2 user2 22 ene  6 22:59 05
-rwxr-xrwx 1 user2 user2 22 ene  6 22:59 06
-rwxrwxr-x 1 user2 user2 22 ene  6 22:59 07
-rwxr-xr-x 1 user2 user2 22 ene  6 22:59 08
-rwxrwxrwx 1 user1 user1 22 ene  6 22:59 09
-rwxr-xrwx 1 user1 user1 22 ene  6 22:59 10
-rwxrwxr-x 1 user1 user1 22 ene  6 22:59 11
-rwxr-xr-x 1 user1 user1 22 ene  6 22:59 12
  
./12:
total 48
-rwxrwxrwx 1 root  root  22 ene  6 22:59 01
-rwxr-xrwx 1 root  root  22 ene  6 22:59 02
-rwxrwxr-x 1 root  root  22 ene  6 22:59 03
-rwxr-xr-x 1 root  root  22 ene  6 22:59 04
-rwxrwxrwx 1 user2 user2 22 ene  6 22:59 05
-rwxr-xrwx 1 user2 user2 22 ene  6 22:59 06
-rwxrwxr-x 1 user2 user2 22 ene  6 22:59 07
-rwxr-xr-x 1 user2 user2 22 ene  6 22:59 08
-rwxrwxrwx 1 user1 user1 22 ene  6 22:59 09
-rwxr-xrwx 1 user1 user1 22 ene  6 22:59 10
-rwxrwxr-x 1 user1 user1 22 ene  6 22:59 11
-rwxr-xr-x 1 user1 user1 22 ene  6 22:59 12
Note
For commodity this files and a small testrunning script trytpe are provided in a compressed tar.bz2 archive. Remember to keep the permissions when extracting it.

Example Results

Below are the results for each execution attempt on each of the presented setups. user1 is in the group set by the GID, while user2 isn't. A YES means the file indicated was executable by the indicated user in the indicated setup. A NO means the permission to execute the file was denied.

Directory File Setup 1 Setup 2 Setup 3 Setup 4 Setup 5
user1 user2 user1 user2 user1 user2 user1 user2 user1 user2
01 01 YES YES YES YES YES YES YES YES YES YES
02 YES YES YES YES YES YES YES YES YES YES
03 YES YES YES YES YES YES YES YES YES YES
04 YES YES YES YES YES YES YES YES YES YES
05 YES YES YES YES YES YES YES YES YES YES
06 YES YES YES YES YES YES YES YES YES YES
07 YES YES YES YES YES YES YES YES YES YES
08 YES YES YES YES YES YES YES YES YES YES
09 YES YES YES YES YES YES YES YES YES YES
10 YES YES YES YES YES YES YES YES YES YES
11 YES YES YES YES YES YES YES YES YES YES
12 YES YES YES YES YES YES YES YES YES YES
02 01 YES YES NO YES NO NO YES NO NO NO
02 YES YES NO YES NO NO YES NO NO NO
03 YES YES NO YES NO NO YES NO NO NO
04 YES YES NO YES NO NO YES NO NO NO
05 YES YES NO YES NO NO YES NO NO NO
06 YES YES NO YES NO NO YES NO NO NO
07 YES YES NO YES NO NO YES NO NO NO
08 YES YES NO YES NO NO YES NO NO NO
09 YES YES NO YES NO NO YES NO NO NO
10 YES YES NO YES NO NO YES NO NO NO
11 YES YES NO YES NO NO YES NO NO NO
12 YES YES NO YES NO NO YES NO NO NO
03 01 YES YES NO YES NO NO YES NO NO NO
02 YES YES NO YES NO NO YES NO NO NO
03 YES YES NO YES NO NO YES NO NO NO
04 YES YES NO YES NO NO YES NO NO NO
05 YES YES NO YES NO NO YES NO NO NO
06 YES YES NO YES NO NO YES NO NO NO
07 YES YES NO YES NO NO YES NO NO NO
08 YES YES NO YES NO NO YES NO NO NO
09 YES YES NO YES NO NO YES NO NO NO
10 YES YES NO YES NO NO YES NO NO NO
11 YES YES NO YES NO NO YES NO NO NO
12 YES YES NO YES NO NO YES NO NO NO
04 01 YES YES NO YES NO NO YES NO NO NO
02 YES YES NO YES NO NO YES NO NO NO
03 YES YES NO YES NO NO YES NO NO NO
04 YES YES NO YES NO NO YES NO NO NO
05 YES YES NO YES NO NO YES NO NO NO
06 YES YES NO YES NO NO YES NO NO NO
07 YES YES NO YES NO NO YES NO NO NO
08 YES YES NO YES NO NO YES NO NO NO
09 YES YES NO YES NO NO YES NO NO NO
10 YES YES NO YES NO NO YES NO NO NO
11 YES YES NO YES NO NO YES NO NO NO
12 YES YES NO YES NO NO YES NO NO NO
05 01 YES YES NO YES NO NO YES NO YES NO
02 YES YES NO YES NO NO YES NO YES NO
03 YES YES NO YES NO NO YES NO YES NO
04 YES YES NO YES NO NO YES NO YES NO
05 YES YES NO YES NO NO YES NO YES NO
06 YES YES NO YES NO NO YES NO YES NO
07 YES YES NO YES NO NO YES NO YES NO
08 YES YES NO YES NO NO YES NO YES NO
09 YES YES NO YES NO NO YES NO YES NO
10 YES YES NO YES NO NO YES NO YES NO
11 YES YES NO YES NO NO YES NO YES NO
12 YES YES NO YES NO NO YES NO YES NO
06 01 YES YES NO YES NO NO YES NO NO NO
02 YES YES NO YES NO NO YES NO NO NO
03 YES YES NO YES NO NO YES NO NO NO
04 YES YES NO YES NO NO YES NO NO NO
05 YES YES NO YES NO NO YES NO NO NO
06 YES YES NO YES NO NO YES NO NO NO
07 YES YES NO YES NO NO YES NO NO NO
08 YES YES NO YES NO NO YES NO NO NO
09 YES YES NO YES NO NO YES NO NO NO
10 YES YES NO YES NO NO YES NO NO NO
11 YES YES NO YES NO NO YES NO NO NO
12 YES YES NO YES NO NO YES NO NO NO
07 01 YES YES NO YES NO NO YES NO NO NO
02 YES YES NO YES NO NO YES NO NO NO
03 YES YES NO YES NO NO YES NO NO NO
04 YES YES NO YES NO NO YES NO NO NO
05 YES YES NO YES NO NO YES NO NO NO
06 YES YES NO YES NO NO YES NO NO NO
07 YES YES NO YES NO NO YES NO NO NO
08 YES YES NO YES NO NO YES NO NO NO
09 YES YES NO YES NO NO YES NO NO NO
10 YES YES NO YES NO NO YES NO NO NO
11 YES YES NO YES NO NO YES NO NO NO
12 YES YES NO YES NO NO YES NO NO NO
08 01 YES YES NO YES NO NO YES NO NO NO
02 YES YES NO YES NO NO YES NO NO NO
03 YES YES NO YES NO NO YES NO NO NO
04 YES YES NO YES NO NO YES NO NO NO
05 YES YES NO YES NO NO YES NO NO NO
06 YES YES NO YES NO NO YES NO NO NO
07 YES YES NO YES NO NO YES NO NO NO
08 YES YES NO YES NO NO YES NO NO NO
09 YES YES NO YES NO NO YES NO NO NO
10 YES YES NO YES NO NO YES NO NO NO
11 YES YES NO YES NO NO YES NO NO NO
12 YES YES NO YES NO NO YES NO NO NO
09 01 YES YES NO YES NO YES YES NO NO NO
02 YES YES NO YES NO YES YES NO NO NO
03 YES YES NO YES NO YES YES NO NO NO
04 YES YES NO YES NO YES YES NO NO NO
05 YES YES NO YES NO YES YES NO NO NO
06 YES YES NO YES NO YES YES NO NO NO
07 YES YES NO YES NO YES YES NO NO NO
08 YES YES NO YES NO YES YES NO NO NO
09 YES YES NO YES NO YES YES NO NO NO
10 YES YES NO YES NO YES YES NO NO NO
11 YES YES NO YES NO YES YES NO NO NO
12 YES YES NO YES NO YES YES NO NO NO
10 01 YES YES NO YES NO NO YES NO NO NO
02 YES YES NO YES NO NO YES NO NO NO
03 YES YES NO YES NO NO YES NO NO NO
04 YES YES NO YES NO NO YES NO NO NO
05 YES YES NO YES NO NO YES NO NO NO
06 YES YES NO YES NO NO YES NO NO NO
07 YES YES NO YES NO NO YES NO NO NO
08 YES YES NO YES NO NO YES NO NO NO
09 YES YES NO YES NO NO YES NO NO NO
10 YES YES NO YES NO NO YES NO NO NO
11 YES YES NO YES NO NO YES NO NO NO
12 YES YES NO YES NO NO YES NO NO NO
11 01 YES YES NO YES NO NO YES NO NO NO
02 YES YES NO YES NO NO YES NO NO NO
03 YES YES NO YES NO NO YES NO NO NO
04 YES YES NO YES NO NO YES NO NO NO
05 YES YES NO YES NO NO YES NO NO NO
06 YES YES NO YES NO NO YES NO NO NO
07 YES YES NO YES NO NO YES NO NO NO
08 YES YES NO YES NO NO YES NO NO NO
09 YES YES NO YES NO NO YES NO NO NO
10 YES YES NO YES NO NO YES NO NO NO
11 YES YES NO YES NO NO YES NO NO NO
12 YES YES NO YES NO NO YES NO NO NO
12 01 YES YES NO YES NO NO YES NO NO NO
02 YES YES NO YES NO NO YES NO NO NO
03 YES YES NO YES NO NO YES NO NO NO
04 YES YES NO YES NO NO YES NO NO NO
05 YES YES NO YES NO NO YES NO NO NO
06 YES YES NO YES NO NO YES NO NO NO
07 YES YES NO YES NO NO YES NO NO NO
08 YES YES NO YES NO NO YES NO NO NO
09 YES YES NO YES NO NO YES NO NO NO
10 YES YES NO YES NO NO YES NO NO NO
11 YES YES NO YES NO NO YES NO NO NO
12 YES YES NO YES NO NO YES NO NO NO

Conclusion

As we can see the results are not dependent on the files ownership or permissions but on the directories ones. Below is a summed up more readable table. Remember thaat user1 is in the group set by the GID, while user2 isn't and that a YES means the files in the dir were executable by the indicated user in the indicated setup. A NO means the permission to execute the files was denied.

Directory Permissions Owner Group Setup 1 Setup 2 Setup 3 Setup 4 Setup 5
user1 user2 user1 user2 user1 user2 user1 user2 user1 user2
01 drwxr-xr-x root root YES YES YES YES YES YES YES YES YES YES
02 drwxr-xrwx root root YES YES NO YES NO NO YES NO NO NO
03 drwxrwxr-x root root YES YES NO YES NO NO YES NO NO NO
04 drwxrwxrwx root root YES YES NO YES NO NO YES NO NO NO
05 drwxr-xr-x user1 user1 YES YES NO YES NO NO YES NO YES NO
06 drwxr-xrwx user1 user1 YES YES NO YES NO NO YES NO NO NO
07 drwxrwxr-x user1 user1 YES YES NO YES NO NO YES NO NO NO
08 drwxrwxrwx user1 user1 YES YES NO YES NO NO YES NO NO NO
09 drwxr-xr-x user2 user2 YES YES NO YES NO YES YES NO NO NO
10 drwxr-xrwx user2 user2 YES YES NO YES NO NO YES NO NO NO
11 drwxrwxr-x user2 user2 YES YES NO YES NO NO YES NO NO NO
12 drwxrwxrwx user2 user2 YES YES NO YES NO NO YES NO NO NO

We have shown how TPE makes file execution more restrictive. We also have shown that the partial setting will apply to all the user not matched by the GID condition. And we finally showed that TPE restrictions only depend on the permissions and ownership of the directory containing the executable and not on the ones of the executable itself, so an executable owned by other user can still be modified by that user.

Acknowledgements

We would like to thank the following authors and editors for their contributions to this guide:

  • Francisco Blas Izquierdo Riera