Design of unix system for the prevention of damage propagation by intrusion and its implementation based on 4 4BSD

Abstract

On usual UNIX systems, a privileged user of root is allowedto acquire any user’s authority without authentication process. If anintruder obtains the root privilege by taking advantage of system’s securityhole, he can abuse network reachability of any user of the system tobreak into other sites. Thus we present a new system design where theauthority of users is protected from root by introducing a new user substitutionmechanism. However, even if we introduce the new mechanism,on usual UNIX systems, the intruder can get the authority using manyother methods for root. We implement the new user substitution mechanismand the mechanisms which prevent the intruder from using suchmethods in FreeBSD-4.2, and confirm that the system design is effective.