Embedded Guru

Linux provide 'reboot' api to allow user to perform a reboot from Linux Code. #include <unistd.h> #include <sys/reboot.h> int reboot(int cmd); reboot(RB_AUTOBOOT); will print the message "Restarting system." and reboot will be performed. If a non-root user tries to perform this, it will fail with permission denied error. Now, if we run cap_sys_boot_test, the system will reboot when run with non-root user.

CAP_DAC_OVERRIDE: Allows a non-root user full file system access. Bypasses file read, write and execute permission check. DAC stands for "discretionary access control" Let's see an example using this capability. You can see from the above screenshot, after giving 'CAP_DAC_OVERRIDE' capability, i am able to open '/etc/shadow' which only root user can access.

What is POSIX Capabilities? Traditionally Linux/Unix only had two level of privileges: 1. Root 2. Non-Root No security checks where performed for processes running in root user, whereas processes running in non-root user were subjected to security checks. No intermediate solution was existing at that time. setuid was only the option for the non-root processes to get privileges. Giving all privileges when only few were required was not a good solution and is a target for attack. POSIX Capabilities is a concept which divides root privileges into a set of privileges. These privileges/values then can be independently assigned to the processes, by this way the process will only contain the require privileges and some level of security is achieved. What all Capabilities exist? File '/usr/include/linux/capability.h' contains list of capabilities available in Linux or man  capabilities Command to find which capabilities are set for a particular file? getcap ...

Encryption:   It is the process of converting message (referred as plain text in cryptography) into another form (referred to as cipher text) in such a way that only authorized persons can read or understand it.So, it is nothing but converting plain text to cipher text .This is done by some encryption algorithms .And decryption is the reverse operation,takes cipher text and converts back to the plain text. The input to the encryption algorithm is the key.The key can be anything,it can be a simple word,number, or some series of random letters. Symmetric Key Algorithms:     In symmetric key algorithm single key is used for both performing encryption and decryption.So,the other node that wants to communicate should have this key.For this operation there are key exchange protocols. Eg: RC4,3DES etc Asymmetric Key Algorithms:      In asymmetric key algorithms,there are two keys:public key and private key.Public key is shared and private key is sec...