Hello, welcome back. One institution decided that
users should be able to make their own programs available to others,
so they created directory to do so. This directory was world writable and many users changed their search path to
look for programs in that directory first. One user wrote a program that printed,
this is a really bad idea, gave it the name of the password changing program
and put that program in the directory. The institution very quickly changed
the way users could share programs. We will discuss how this happened and
how to prevent it and many other things. In this module, users, privileges,
and environment variables. We will first identify users and then
show how to change a user's privilege. Next, we will examine
spawning sub-processes and discussing the consequences of identifying
users incorrectly in those sub-processes. We'll move ahead with our
discussion of users and privileges by demonstrating how
to set up user and user IDs, group and group IDs, and how to establish
privileges for both users and groups. We'll finish this first group of lectures by describing how root privileges
work on Linux and Unix. The second half of this module,
focuses on environment variables and covers the topics related
to programming explicitly, how to address attacks like Heartbleed and
the issue of dynamic loading and the associated attacks related to this. In most cases,
in order to breach security, you need to obtain extra privileges. The first lecture will cover
some ways to manage privileges, to minimize this possibility. The second lesson will examine how
the environment relates to privilege and look at ways to protect against
exploiting environment variables to increase privileges. By the end of this module,
you will be able to manage users and privileges when you run programs or
sub-programs and will better understand how program
shells preserve environment settings.