Privman
A library to make privilege separation easy.
- Description
Privman is a library that makes it easy for programs to use privilege separation, a technique that prevents the leak or misuse of privilege by applications that must run with some elevated permissions. An application that uses the Privman library is split into two halves: one that performs the privileged operations on the application's behalf, and one that contains the application's logic and runs without privilege. Privman simplifies the otherwise complex task of separating the application, protecting the system from compromise if an error in the application logic is found. The library uses configuration files to provide fine-grained access control over the privileged operations, limiting exposure even in the event of a successful attack against the application. If the application half is compromised, the attacker gains only the privileges of an unprivileged user plus the specific privileged operations granted in the application's Privman configuration file.
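The split described above, reduced to one C file as an added example. This is not Privman's code and does not use Privman's API: the caller plays the unprivileged half and asks a forked helper, playing the privileged half, to open a file read-only; the helper checks the request against an allow-list and, if permitted, opens the file and hands the descriptor back over a UNIX socket with SCM_RIGHTS, so the requesting half never holds the right to open arbitrary files itself. The "operation argument" policy syntax, the EXAMPLE_POLICY contents, and the function names policy_allows and privsep_open_ro are assumptions made for this illustration; Privman's real configuration syntax is documented in privman_conf(5).

```c
/* Added illustration of the privileged/unprivileged split; not Privman's code,
 * and the "op arg" policy syntax is invented, not privman_conf(5)'s. */
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed allow-list: one "operation argument" per line. */
static const char *const EXAMPLE_POLICY =
    "open_ro /dev/null\n"
    "open_ro /etc/passwd\n"
    "bind 80\n";

/* 1 if the policy has an exact "op arg" line, else 0. Exact matching (no
 * prefixes, no globbing) keeps the privileged half's decision auditable. */
int policy_allows(const char *policy, const char *op, const char *arg)
{
    char want[512];
    int n = snprintf(want, sizeof want, "%s %s", op, arg);
    if (n < 0 || (size_t)n >= sizeof want) return 0;    /* overlong: deny */
    for (const char *p = policy; *p; p++) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len == (size_t)n && memcmp(p, want, len) == 0) return 1;
        if (!nl) break;
        p = nl;                      /* loop increment skips the newline */
    }
    return 0;
}

union fdbuf { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; }; /* aligned */

/* Privileged half -> unprivileged half: 'F' plus the descriptor, or 'E'. */
static int send_fd(int sock, int fd)
{
    char tag = fd < 0 ? 'E' : 'F';
    struct iovec iov = { &tag, 1 };
    union fdbuf cb;
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    if (fd >= 0) {
        msg.msg_control = cb.buf; msg.msg_controllen = sizeof cb.buf;
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET;
        c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
    }
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

static int recv_fd(int sock)
{
    char tag;
    struct iovec iov = { &tag, 1 };
    union fdbuf cb;
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = cb.buf; msg.msg_controllen = sizeof cb.buf;
    if (recvmsg(sock, &msg, 0) != 1 || tag != 'F') return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    int fd; memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Unprivileged half: ask the privileged helper to open `path` read-only.
 * Returns the descriptor, or -1 when the policy does not permit it. */
int privsep_open_ro(const char *policy, const char *path)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {                          /* privileged half: keeps its uid */
        close(sv[0]);
        char req[512]; int fd = -1;
        ssize_t n = read(sv[1], req, sizeof req - 1);
        if (n > 0 && n < (ssize_t)sizeof req - 1) {
            req[n] = '\0';
            /* The decision is made here, out of the requester's reach. */
            if (policy_allows(policy, "open_ro", req)) fd = open(req, O_RDONLY);
        }
        send_fd(sv[1], fd);
        _exit(0);
    }
    /* A real split would now chroot() and setuid() to the unprivileged user;
     * omitted so the example runs without root. */
    close(sv[1]);
    int fd = write(sv[0], path, strlen(path)) == (ssize_t)strlen(path) ? recv_fd(sv[0]) : -1;
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return fd;
}
```

Run as an ordinary user, `privsep_open_ro(EXAMPLE_POLICY, "/dev/null")` returns a usable descriptor while `privsep_open_ro(EXAMPLE_POLICY, "/etc/shadow")` returns -1 without open(2) ever being attempted. The point to notice is where the check lives: the allow-list is consulted in the helper, so a compromised application half can only obtain what the policy lists, which is the same shape as the per-application configuration Privman uses to bound what an attacker gains.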
- Current Status
The most recent version of Privman is 0.9.3. The Privman library should be considered developmental, and parts of the API are likely to change. We are interested in any feedback, bug fixes, or requests for functionality, and particularly in features that make it easier to modify existing software to use the Privman library.
The Privman API should be sufficient for most applications. We have successfully patched WU-FTPD to use Privman, as well as thttpd.
- License
Privman is licensed under a 2-clause BSD style license. We hope to see widespread use of the library and the technique of partitioning processes.
- Downloads
The most recent version of Privman is available here; its MD5 checksum can be found in the MD5SUM file here. All available versions are listed below.
We have a patch for version 2.6.2 of wu-ftpd that allows it to use Privman. After applying this patch you will need to regenerate the configure script and then run "./configure --enable-privman". We also have a patch for BSD ftpd version 6.5-0.3.2 here, and a patch for thttpd 2.20c here.
- Documentation
Privman: A Library for Partitioning Applications was published at FREENIX 2003. It provides an overview of the Privman library, its use cases, and its limitations.
The Privman distribution includes a number of man pages that constitute the bulk of the available documentation.
- priv_bind(3)
- priv_custom(3)
- priv_daemon(3)
- priv_execve(3)
- priv_fopen(3)
- priv_fork(3)
- priv_init(3)
- priv_invoke_cap_fn(3)
- priv_invoke_info_fn(3)
- priv_open(3)
- priv_pam(3)
- priv_pam_acct_mgmt(3)
- priv_pam_authenticate(3)
- priv_pam_chauthtok(3)
- priv_pam_close_session(3)
- priv_pam_end(3)
- priv_pam_fail_delay(3)
- priv_pam_getenv(3)
- priv_pam_get_item(3)
- priv_pam_open_session(3)
- priv_pam_putenv(3)
- priv_pam_setcred(3)
- priv_pam_set_item(3)
- priv_pam_start(3)
- priv_popen(3)
- priv_pclose(3)
- priv_register_cap_fn(3)
- priv_register_info_fn(3)
- priv_rerunas(3)
- priv_respawn_as(3)
- priv_wait4(3)
- privman_conf(5)
- privman(7)
In addition, the test programs in the distribution can be useful guides, and the header file includes some useful comments. A paper describing the architecture and design decisions can be downloaded here. We hope to expand the man pages for the library soon and to make more detail available on this web page.
- Point of Contact
To contact the developers of this project, please e-mail ISSO-privman@sparta.com.
