RootAsRole: a security module to manage the administrative privileges for Linux

Today, Linux users use sudo/su commands to attribute Linux’s administrative privileges to their programs. These commands always give the whole list of administrative privileges to Linux programs unless there are pre-installed default policies defined by Linux Security Modules (LSM). LSM requires users to inject the needed privileges into the memory of the process and to declare the needed privileges in an LSM policy. This approach can work for users with good knowledge of the syntax of LSM policies. However, adding or editing an existing policy is very time-consuming because LSM requires adding a complete list of traditional permissions and administrative privileges. Therefore, we propose a new Linux module called RootAsRole dedicated to managing administrative privileges. RootAsRole is not proposed to replace LSM but to be used as a complementary module to manage Linux administrative privileges. RootAsRole allows Linux administrators to define a set of roles that contain the administrative privileges and restrict their usage to a set of users/groups and programs. Finally, we conduct an empirical performance study to compare RootAsRole tools with sudo/su commands to show that the overhead added by our module remains acceptable.