A method to securely execute applications needing elevated privilege level.
Publication Date: 2017-May-30
The IP.com Prior Art Database
Sometimes a computer program requires administrative privileges to perform some of its tasks. In some cases the end user does not want to grant them but still wants the program to execute. Examples may include:

- Some legacy software that checks for, or requires, root privileges for its whole lifetime but actually uses them only for a part that is negligible from the end user's perspective
- Potentially harmful software that the user wants to investigate (and consciously allow or not allow to perform certain system actions)

What we propose is an additional layer between the operating system and the application. The extra layer:

1) Will present itself to the application as an operating system session authorized by "superuser"
2) Will capture all the calls requiring elevated privileges and respond to them according to defined policies

This will allow (or not, depending on policy) the application to run as if it were run in privileged mode and perform (or not, again depending on policy) certain actions.

It is important to understand some basic techniques involving system call interception. This is most easily done on Linux systems with the help of the dynamic loader: you use the LD_PRELOAD environment variable to instruct the dynamic loader to load a provided library (called a shim) first and use it for symbol resolution, and only then go the "normal" way, that is, examine LD_PATH etc. With this simple step you can intercept any dynamic call the user application is making without need...
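The two-part layer described above, sketched as an LD_PRELOAD shim; this is an added example, not code from the disclosure. The SHIM_POLICY variable, its fake/deny/pass verdicts, the file names, and the choice of chown as the intercepted call are all assumptions made for illustration.

```c
/* shim.c: added illustration. SHIM_POLICY and its verdict names are assumptions.
 * Build: cc -shared -fPIC shim.c -o libshim.so
 * Use:   SHIM_POLICY=chown=fake LD_PRELOAD=./libshim.so ./legacy_app  (hypothetical app) */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

enum verdict { V_DENY, V_FAKE, V_PASS };

/* Look up "call=verdict" in the comma-separated SHIM_POLICY list.
 * Anything unlisted or unrecognised is denied (fail closed). */
static enum verdict policy_for(const char *call) {
    const char *p = getenv("SHIM_POLICY");
    size_t n = strlen(call);
    while (p && *p) {
        if (strncmp(p, call, n) == 0 && p[n] == '=') {
            const char *v = p + n + 1;
            size_t len = strcspn(v, ",");
            if (len == 4 && strncmp(v, "fake", 4) == 0) return V_FAKE;
            if (len == 4 && strncmp(v, "pass", 4) == 0) return V_PASS;
            return V_DENY;
        }
        p = strchr(p, ',');
        if (p) p++;
    }
    return V_DENY;
}

/* 1) Present the session as superuser: identity queries always answer 0. */
uid_t getuid(void)  { return 0; }
uid_t geteuid(void) { return 0; }

/* 2) Capture a privileged call and answer it according to policy. */
int chown(const char *path, uid_t owner, gid_t group) {
    switch (policy_for("chown")) {
    case V_FAKE:   /* report success without touching the file */
        return 0;
    case V_PASS:   /* forward to the kernel, which applies the real credentials */
        return (int)syscall(SYS_fchownat, AT_FDCWD, path, owner, group, 0);
    default:       /* behave like an unprivileged failure */
        errno = EPERM;
        return -1;
    }
}
```

Interposition only sees calls resolved through the dynamic loader, so statically linked code or direct system calls bypass the shim; for the untrusted-software case, treat it as an observation layer rather than a containment boundary.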