The separation of
privileged principle is when you actually saw probably in grade school when you studied
medieval history, or in junior high,
or in high school. Many books have
pictures of castles. If you look at the castles, there's a lot of walls
and the moat there. There's a moat. Then
there's the main wall. Then there's the inner wall. Then there's the key. Then
there's the dungeon dungeon. The dungeon in this context is the most secure part
of the palace, or rather of the castle. So, for an attacker to get in, they first half to
cross the moat. Then breach the outer wall. Then breached the inner wall.
Then get to the keep. That's an example of
separation of privilege, sometimes known as
defense in depth. In order to perform
a certain task, you have to meet
multiple criteria, not just one. You also see this if
you work for a company that writes cheques
for a lot of money. Even though you
may never get one, you often see in the cheque two lines for signatures and something
underneath which says, two signatures required
if more than a $100,000 or something like that. That's another example of
separation of privilege. In order to cash check thereby obtaining a $100,000
from the company, two people have to
approve it, not just one. Actually, that would be called
the separation of duty. It's the same principle, but it's applied in
a commercial context. It requires two people
to approve something. Okay. Now, if you've got
a Linux manual in handy, go look at the
manual page for SU. SU stands for substitute user. Essentially what it does is you type SU and
the name of the user. It will then prompt you
for the users passwords, you enter it and then you run in with the privilege
of the user. Now, if you're doing
this for root or admin, that gives you all sorts
of privileges. So, Linux systems in many
of the BSD systems as well, use separation of privilege to enable people to
become root using SU. The question is, how? So, go ahead and look
at the manual page for 30 second and then we'll
come back and talk about it. Okay if you go to
the manual page, when you look you'll see, you have first of
all I have to know the root password clearly. But the second thing is you have to be in the wheel group. That's the group with GID0. So, simply knowing
the password is not enough, you also have to
be in that group. That's an example of separation
of privilege because two constraints
must be satisfied. First, the password, second,
the group membership.