System and method for changing abilities of a process

US 9,213,571 B2
Filed: 06/06/2012
Issued: 12/15/2015
Est. Priority Date: 06/06/2012
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for changing the abilities of a process comprising:

associating, by a process manager, each of one or more user-ids with a default set of privileges;

assigning to a process, by the process manager at process creation time, a default set of privileges based on the default set of privileges associated with a user-id of the one or more user-ids, wherein the user-id is an owner of the process;

executing the process, wherein the assigned default set of privileges comprises process abilities that the process is authorized to have while executing in an operating system;

receiving, at a system interface, a request from the process or from a different process to modify the assigned default set of privileges that was assigned to the process at process creation time; and

modifying, by the process manager, the assigned default set of privileges assigned to the process to become a sub-set of the assigned default set of privileges assigned to the process, wherein the modification is applied responsive to the request from the process or from the different process received by the system interface, and the modification to the assigned default set of privileges is applied during subsequent execution of the process wherein the subset of the assigned default set of privileges comprises process abilities that the process is authorized to have while executing in the operating system subsequent to the modification.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method wherein a set of privileges assigned to a process may be modified responsive to a request. The modification may apply to one or more abilities within the set of privileges and may be applied during execution of the process subsequent to the process creation time. Accordingly a process may be created with a default set of privileges and subsequently the privileges may be modified (e.g. to include a sub-set of the default privileges) thereby mitigating the risk of malicious exploitation of the process through attack.

Citations

25 Claims

1. A computer implemented method for changing the abilities of a process comprising:
- associating, by a process manager, each of one or more user-ids with a default set of privileges;
  
  assigning to a process, by the process manager at process creation time, a default set of privileges based on the default set of privileges associated with a user-id of the one or more user-ids, wherein the user-id is an owner of the process;
  
  executing the process, wherein the assigned default set of privileges comprises process abilities that the process is authorized to have while executing in an operating system;
  
  receiving, at a system interface, a request from the process or from a different process to modify the assigned default set of privileges that was assigned to the process at process creation time; and
  
  modifying, by the process manager, the assigned default set of privileges assigned to the process to become a sub-set of the assigned default set of privileges assigned to the process, wherein the modification is applied responsive to the request from the process or from the different process received by the system interface, and the modification to the assigned default set of privileges is applied during subsequent execution of the process wherein the subset of the assigned default set of privileges comprises process abilities that the process is authorized to have while executing in the operating system subsequent to the modification.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 25)
- - 2. The computer implemented method of claim 1, where modifying the set of privileges assigned to the process can be repeated responsive to further requests to modify the privileges assigned to the process.
  - 3. The computer implemented method of claim 1, wherein the system interface receiving the request to modify the default set of privileges is an application programming interface (API), a procedure, a library or a system entry point.
  - 4. The computer implemented method of claim 1, where the request to modify the default set of privileges comprises one or more abilities identifiers and corresponding modification action identifiers.
  - 5. The computer implemented method of claim 4, where the abilities identified by each of the abilities identifiers comprise one or more of:
    - changing the clock period, setting the clock;
      
      setting configuration strings;
      
      establishing a connection between a process and a channel;
      
      changing a processor'"'"'s power management mode;
      
      triggering privileged system-wide events;
      
      creating a new process using a fork operation;
      
      getting the group ID or session ID of another process outside of the process'"'"'s session;
      
      attaching an interrupt handler;
      
      requesting input /output (I/O) privileges;
      
      passing data through a common client;
      
      mapping fixed memory addresses;
      
      adding physical memory;
      
      marking shared memory as global across all processes;
      
      locking a range of process address space into physical memory;
      
      manipulating a peer process'"'"' memory;
      
      mapping physical memory;
      
      making shared memory special;
      
      adding items to the system process creator'"'"'s pathname prefix space;
      
      setting the process'"'"' group ID;
      
      changing the process'"'"' priority to one above the maximum allowed for an unprivileged process;
      
      loading code into memory;
      
      creating a distributed processing channel;
      
      causing the system to reboot;
      
      raising hard limits on system resources;
      
      manipulating a resource database manager;
      
      controlling a processors running state;
      
      getting or setting a scheduling policy for a processor;
      
      changing a character terminal'"'"'s process group or sending a signal to the a member of a session group;
      
      setting the process'"'"' group ID, effective group ID or supplementary group IDs;
      
      setting the process'"'"' user ID and effective user ID;
      
      attaching a signal handler to a process;
      
      spawning new processes;
      
      setting the group ID of a child process;
      
      setting the user ID of a child process;
      
      creating a timer that sends a pulse;
      
      adding handlers for trace events;
      
      changing the file-mode creation mask for a process; and
      
      waiting for the status of a terminated child process.
  - 6. The computer implemented method of claim 4, where the action identified by each of the modification action identifiers comprise one or more of:
    - denying an ability;
      
      allowing an ability;
      
      restricting the process to set an ability parameter within a specified sub-range;
      
      locking an ability setting to prevent subsequent changes;
      
      having child processes inherit an ability; and
      
      not having child processes inherit an ability.
  - 7. The computer implemented method of claim 1, where the request to modify the default set of privileges can only be generated by a further process owned by a system administrator user-id.
  - 8. The computer implemented method of claim 1, where the request to modify the default set of privileges is generated by the process, whereby the process is able to modify its own abilities.
  - 9. The computer implemented method of claim 1, where the set of privileges assigned to the process is assigned to one or more child processes of the process at each of the child process'"'"' creation time, whereby the one or more child processes each inherit the set of privileges or the sub-set of the default set of privileges based on which one is assigned to the process at the time when the child process is created.
  - 10. The computer implemented method of claim 1, where at least one of the one or more user-ids is a system administrator user-id.
  - 11. The computer implemented method of claim 10, where the default set of privileges associated with the system administrator user-id comprises all possible abilities.
  - 25. The computer implemented method of claim 2 wherein the further requests to modify the privileges are received at different points of time in the lifespan of the process and an effect of multiple requests to modify the privileges are cumulative on the set of privileges assigned to the process.

12. A system for changing the abilities of a process comprising:
- a processor; and
  
  memory comprising;
  
  a process manager configured to create the process and assign to the process a default set of privileges based on a default set of privileges associated with a user-id that is an owner of the process wherein the assigned default set of privileges comprises process abilities that the process is authorized to have while executing in an operating system;
  
  anda system interface configured to receive, from the process or from a different process, a request to modify the assigned default set of privileges that was assigned to the process at process creation time;
  
  wherein the process manager is further configured to modify the assigned default set of privileges assigned to the process to become a sub-set of the assigned default set of privileges assigned to the process during execution of the process, wherein the assigned default set of privileges is modified responsive to the system interface receiving the request to modify the assigned default set of privileges from the process or from the different process and the modification to the assigned default set of privileges is applied during subsequent execution of the process, wherein the subset of the assigned default set of privileges comprises process abilities that the process is authorized to have while executing in the operating subsequent to the modification.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The system of claim 12, wherein the process manager is further configured to modify the set of privileges assigned to the process responsive to further requests to modify the privileges being received by the system interface.
  - 14. The system of claim 12, wherein the request to modify the default set of privileges comprises one or more abilities identifiers and corresponding modification action identifiers.
  - 15. The system of claim 14, where the abilities identified by each of the abilities identifiers comprise one or more of:
    - changing the clock period, setting the clock;
      
      setting configuration strings;
      
      establishing a connection between a process and a channel;
      
      changing a processor'"'"'s power management mode;
      
      triggering privileged system-wide events;
      
      creating a new process using a fork operation;
      
      getting the group ID or session ID of another process outside of the process'"'"'s session;
      
      attaching an interrupt handler;
      
      requesting input/output (I/O) privileges;
      
      passing data through a common client;
      
      mapping fixed memory addresses;
      
      adding physical memory;
      
      marking shared memory as global across all processes;
      
      locking a range of process address space into physical memory;
      
      manipulating a peer process'"'"' memory;
      
      mapping physical memory;
      
      making shared memory special;
      
      adding items to the system process creator'"'"'s pathname prefix space;
      
      setting the process'"'"' group ID;
      
      changing the process'"'"' priority to one above the maximum allowed for an unprivileged process;
      
      loading code into memory;
      
      creating a distributed processing channel;
      
      causing the system to reboot;
      
      raising hard limits on system resources;
      
      manipulating a resource database manager;
      
      controlling a processors running state;
      
      getting or setting a scheduling policy for a processor;
      
      changing a character terminal'"'"'s process group or sending a signal to the a member of a session group;
      
      setting the process'"'"' group ID, effective group ID or supplementary group IDs;
      
      setting the process'"'"' user ID and effective user ID;
      
      attaching a signal handler to a process;
      
      spawning new processes;
      
      setting the group ID of a child process;
      
      setting the user ID of a child process;
      
      creating a timer that sends a pulse;
      
      adding handlers for trace events;
      
      changing the file-mode creation mask for a process; and
      
      waiting for the status of a terminated child process.
  - 16. The system of claim 14, where the action identified by each of the modification action identifiers comprise one or more of:
    - denying an ability;
      
      allowing an ability;
      
      restricting the process to set an ability parameter within a specified sub-range;
      
      locking an ability setting to prevent subsequent changes;
      
      having child processes inherit an ability; and
      
      not having child processes inherit an ability.
  - 17. The system of claim 12, where the request to modify the default set of privileges can only be generated by a further process owned by a system administrator user-id.
  - 18. The system of claim 12, where the request to modify the default set of privileges is generated by the process, whereby the process is able to modify its own abilities.
  - 19. The system of claim 12, wherein the process manager is further configured to create and assign to one or more child processes of the process the set of privileges assigned to the process, whereby the one or more child processes inherit the set of privileges assigned to the process at the time when the child process is created.
  - 20. The system of claim 12, where at least one of the one or more user-ids is a system administrator user-id.
  - 21. The system of claim 20, where the default set of privileges associated with the system administrator user-id comprises all possible abilities.

22. A non-transitory computer-readable storage medium encoded with computer executable instructions, the computer executable instructions executable with a processor to change the abilities of a process, the computer-readable storage medium comprising:
- instructions executable to associate with each of one or more user-ids a default set of privileges;
  
  instructions executable to assign to a process, at process creation time, a default set of privileges based on the default set of privileges associated with a user-id of the one or more user-ids, wherein the user-id is an owner of the process;
  
  instructions executable to execute the process, wherein the assigned default set of privileges comprises process abilities that the process is authorized to have while executing in an operating system;
  
  instructions executable to receive at a system interface, a request from the process or from a different process to modify the assigned default set of privileges that was assigned to the process at process creation time; and
  
  instructions executable to modify the assigned default set of privileges assigned to the process to become a sub-set of the assigned default set of privileges assigned to the process, wherein the modification is applied responsive to the request from the process or from the different process received by the system interface, and the modification to the assigned default set of privileges is applied during subsequent execution of the process wherein the subset of the assigned default set of privileges comprises process abilities that the process is authorized to have while executing in the operating system subsequent to the modification.
- View Dependent Claims (23, 24)
- - 23. The non-transitory computer-readable storage medium of claim 22, where the request to modify the default set of privileges comprises one or more abilities identifiers and corresponding modification action identifiers.
  - 24. The non-transitory computer-readable storage medium of claim 22, where the set of privileges assigned to the process is assigned to one or more child processes of the process at each of the child process'"'"' creation time, whereby the one or more child processes each inherit the set of privileges assigned to the process at the time when the child process is created.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blackberry Limited
Original Assignee
2236008 Ontario Inc. (Blackberry Limited)
Inventors
Ristovski, Aleksandar, Goodman, Kevin, Stecher, Brian John
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
LAKHIA, VIRAL S

Application Number

US13/490,180
Publication Number

US 20130333056A1
Time in Patent Office

1,287 Days
Field of Search

726/1, 726/10, 726/21, 726/4, 726/20, 713/167, 703/26, 707/610
US Class Current

1/1
CPC Class Codes

G06F 21/52 during program execution, e...

G06F 9/468 Specific access rights for ...

System and method for changing abilities of a process

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for changing abilities of a process

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links