Trusted Path Execution


Trusted Path Execution (TPE) is an old and simple concept. It dates back to at least 1998 with route’s Phrack 62 article linked below. The goal of TPE is to provide an easily-configurable and generally software compatible method of preventing unprivileged users from executing binaries they create. Grsecurity extends the idea of TPE a bit and resolves some vulnerabilities in the original design in the process (for instance, TPE is not bypassed via under grsecurity). –

TPE (Trusted Path Execution) is used to stop malicious programs from running. It defines a trusted path: a program that satisfies the trust condition may be executed, anything else is treated as malicious (untrusted) and is refused. The whole problem is therefore how to define this trust condition and how to implement it without gaps.

Trusted path execution is another optional feature that can be used to prevent users from executing binaries not owned by the root user, or world-writable binaries. This is useful to prevent users from executing their own malicious binaries or accidentally executing world-writable system binaries that could have been modified by a malicious user. –grsecurity

Implementation: when an executable is loaded, check the owner (uid) of the program file and its permission bits, that is, whether GROUP or OTHER have write permission. Both in route's original design and in grsecurity the same owner and write-bit test is applied first to the directory that contains the binary; that directory is the "trusted path". Testing only the file is not enough, because a user who can write to the directory can rename their own file over the binary.

TPE is only one of grsecurity's filesystem-related hardening features. Note that grsecurity does not implement it as an LSM (Linux Security Module): the grsecurity patch hooks the kernel's exec path directly (its gr_tpe_allow() check runs when a file is opened for execution) and logs and denies the exec when the check fails.


Trusted Path Execution is a security feature that prevents users from executing programs that are not owned by root or that are writable.

Rule: only a program that is owned by root and is not writable is trusted (uid == 0 && not writable). "Not writable" is what guarantees that the program cannot be replaced with a malicious one by a non-root user. Root itself is not restricted: TPE is aimed at unprivileged users.

The writability test itself is just the group- and other-write bits of the inode mode (here inode is the directory or file being checked):

(inode->i_mode & S_IWOTH) || (inode->i_mode & S_IWGRP)
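A user-space model of the rule above, written here as an added example (it is not grsecurity's code and not from the original page). The names tpe_check(), tpe_check_path() and tpe_reason() are ours; the decision follows the text: root-owned and not group- or world-writable, tested on the containing directory first and then on the binary itself. It can be pointed at real paths to see which of them grsecurity's TPE would consider trusted.

```c
/* Added example: user-space model of the TPE decision described above.
 * Not grsecurity's code; function names and the verdict enum are ours.
 * Rule: directory and file must be root-owned and neither group- nor
 * world-writable. The directory is tested first, then the file. */
#define _XOPEN_SOURCE 700
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum tpe_verdict {
    TPE_ALLOW = 0,
    TPE_DIR_NOT_ROOT_OWNED,
    TPE_DIR_WORLD_WRITABLE,
    TPE_DIR_GROUP_WRITABLE,
    TPE_FILE_NOT_ROOT_OWNED,
    TPE_FILE_WORLD_WRITABLE,
    TPE_FILE_GROUP_WRITABLE,
};

/* Pure decision on owner and mode bits. The directory is checked first:
 * if an attacker can write to the directory they can rename their own
 * file over the binary, so a read-only root-owned file alone proves
 * nothing. S_IWOTH / S_IWGRP are the bits the kernel fragment tests. */
enum tpe_verdict tpe_check(uid_t dir_uid, mode_t dir_mode,
                           uid_t file_uid, mode_t file_mode)
{
    if (dir_uid != 0)        return TPE_DIR_NOT_ROOT_OWNED;
    if (dir_mode & S_IWOTH)  return TPE_DIR_WORLD_WRITABLE;
    if (dir_mode & S_IWGRP)  return TPE_DIR_GROUP_WRITABLE;
    if (file_uid != 0)       return TPE_FILE_NOT_ROOT_OWNED;
    if (file_mode & S_IWOTH) return TPE_FILE_WORLD_WRITABLE;
    if (file_mode & S_IWGRP) return TPE_FILE_GROUP_WRITABLE;
    return TPE_ALLOW;
}

const char *tpe_reason(enum tpe_verdict v)
{
    static const char *const names[] = {
        "allowed",
        "directory not owned by root",
        "directory is world-writable",
        "directory is group-writable",
        "file not owned by root",
        "file is world-writable",
        "file is group-writable",
    };
    return names[v];
}

/* Resolve symlinks first (the kernel checks the parent of the final
 * dentry, not of the symlink), then stat the file and its directory.
 * Returns a tpe_verdict, or -1 if the path cannot be resolved. */
int tpe_check_path(const char *path)
{
    char *real = realpath(path, NULL);
    if (!real)
        return -1;
    char *dir_buf = strdup(real);          /* dirname() may modify its argument */
    if (!dir_buf) {
        free(real);
        return -1;
    }
    struct stat st_file, st_dir;
    int rc = -1;
    if (stat(real, &st_file) == 0 && stat(dirname(dir_buf), &st_dir) == 0)
        rc = tpe_check(st_dir.st_uid, st_dir.st_mode,
                       st_file.st_uid, st_file.st_mode);
    free(dir_buf);
    free(real);
    return rc;
}

static void report(const char *path)
{
    int v = tpe_check_path(path);
    if (v < 0)
        printf("%s: cannot resolve\n", path);
    else
        printf("%s: %s\n", path, tpe_reason((enum tpe_verdict)v));
}

int main(int argc, char **argv)
{
    if (argc > 1) {
        for (int i = 1; i < argc; i++)
            report(argv[i]);
        return 0;
    }
    /* No arguments: a system binary (expected trusted) and a freshly
     * created file in /tmp (expected rejected: /tmp is world-writable,
     * which is exactly the "user's own binary" case TPE targets). */
    report("/bin/sh");
    char tmpl[] = "/tmp/tpe-demo-XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd >= 0) {
        close(fd);
        report(tmpl);
        unlink(tmpl);
    }
    return 0;
}
```

Two details worth noticing when running it: the sticky bit on /tmp does not help, because S_IWOTH is still set on the directory, so anything a user drops there is refused even if the file itself is chmod 555; and the model only returns a verdict, it does not exempt root, whereas the kernel check is skipped for uid 0 since TPE is aimed at unprivileged users.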