Lab 3: Privilege Separation
Lab Overview
In this lab, you'll explore privilege separation. The key insight of privilege separation is
to give each component of a system only the minimal privilege it needs, so that when one
component of the system is compromised, the other components are not compromised too.
To make the discussion concrete, you will do this lab for the Touchstone web server;
that is, you will privilege-separate the Touchstone web server by giving each component
the appropriate privilege. Specifically, you will first examine possible bugs in the source
code of the Touchstone web server and compromise the Touchstone web server by
designing and carrying out exploits. Finally, you will break the application up into
privilege-separated components to minimize the effects of possible vulnerabilities.
This lab consists of three parts:
Part A: you will examine the architecture of the Touchstone web server. The
Touchstone web server in this lab differs dramatically from the one in labs 1 and
2: the current one is based on the idea of services;
Part B: you will explore the jail, by which you can confine a service to a fake
root directory; and
Part C: you will privilege-separate the Touchstone web server by assigning each
component the appropriate privilege.
Lab Environment
Download the lab 3 code to start with. In order to bind to port 80 (the default HTTP
port), you will start the Touchstone web server with root privilege in this lab (in
Linux, only a root-privileged process can bind to a port below 1024):
$ make
$ sudo ./touchstone
Open your browser and go to the URL http://127.0.0.1; you should get a web page.
Contact us if you do not get this page.
In this lab, you will disable ASLR:
$ su root
# sysctl -w kernel.randomize_va_space=0
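Starting as root to bind port 80 is exactly why the server must later give that privilege back. The sequence the lab builds toward (bind while root, then jail the process and drop to an unprivileged user) is shown below as an added C example; it is not part of the Touchstone source, and the jail directory /var/jail, the uid/gid 65534 and the function names are assumptions.

```c
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* On Linux only root (or CAP_NET_BIND_SERVICE) may bind ports below 1024. */
int is_privileged_port(int port) { return port > 0 && port < 1024; }

/* Step 1: create the listening socket while still root. Returns fd or -1. */
int bind_listen(int port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* 127.0.0.1, as in the lab */
    addr.sin_port = htons((unsigned short)port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Step 2: confine the process to a jail and give up root for good.
 * Order matters: chroot needs root, so it comes first; groups and gid are
 * dropped before uid, because once uid is non-root they can no longer change.
 * Returns 0 on success, -1 with errno set on any failure. */
int drop_privileges(const char *jail, uid_t uid, gid_t gid) {
    if (chroot(jail) != 0 || chdir("/") != 0) return -1;  /* chdir: no cwd left outside the jail */
    if (setgroups(0, NULL) != 0) return -1;               /* clear supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* The drop must be irreversible: regaining root has to fail. */
    if (setuid(0) == 0 || setgid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

int main(void) {
    if (geteuid() != 0) { fprintf(stderr, "start with sudo, as the lab does\n"); return 1; }
    int fd = bind_listen(80);
    if (fd < 0) { perror("bind_listen"); return 1; }
    /* assumptions: /var/jail is the chroot directory, 65534 is nobody/nogroup */
    if (drop_privileges("/var/jail", 65534, 65534) != 0) { perror("drop_privileges"); return 1; }
    printf("serving port 80 as uid %d (euid %d)\n", (int)getuid(), (int)geteuid());
    close(fd);   /* a real server would accept() requests here, now unprivileged */
    return 0;
}
```

Once the server is running, `grep Uid /proc/<pid>/status` should show all four uid fields as the unprivileged user, not 0.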