Privilege escalation
When a new process is created by the fork system call, fork grants the process the same privileges as the parent process (the process that called the fork system call). When a process does an exec system call on an executable file, exec recalculates the privileges for the executable file based on the privileges that exec currently possesses and the privileges possessed by the executable file.
Escalated privileges are calculated as follows:
- First, the union (bitwise-OR operation) of inheritable privileges possessed by the old (parent) process and the set of innate privileges possessed by the executable file is calculated.
- If the user is appropriately authorized, the union (bitwise-OR) of the result from the previous step and the authorized privileges is calculated.
- If limiting privileges exist, then the intersection of the result from the previous step and the limiting privileges is calculated. Limiting privileges, if any, are inherited across an exec system call.
- The set of privileges resulting from the previous steps becomes the set of maximum privileges for the new process.
- If inheritable privileges exist in the executable file, they are assigned to the inheritable privilege set of the new process. Otherwise, the set of inheritable privileges possessed by the old (parent) process is carried forward in the new process's inheritable privilege set.
If the executable file has its FSF_EPS file security flag set, the set of effective privileges for the new process is the same as its set of maximum privileges. Otherwise, the effective privileges for the new process are the same as the inheritable privileges possessed by the old (parent) process.
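The calculation above, carried through as an added example in C (not code from the original page or from the operating system). The `privset_t` bitmask, the `PV_A` to `PV_D` bits, the struct layouts and the `exec_privs` function are hypothetical names chosen for illustration, and the authorized privileges are assumed to be passed in by the caller.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: one bit per privilege (not the system's real types). */
typedef uint64_t privset_t;
enum { PV_A = 1, PV_B = 2, PV_C = 4, PV_D = 8 };   /* constructed bits */

struct proc_privs {
    privset_t inheritable, maximum, effective, limiting;
    bool has_limiting;
};
struct file_privs {
    privset_t innate, inheritable;
    bool has_inheritable;   /* file carries its own inheritable set */
    bool fsf_eps;           /* FSF_EPS file security flag */
};

/* Privilege sets of the process after exec, following the steps above. */
struct proc_privs exec_privs(const struct proc_privs *old,
                             const struct file_privs *f,
                             bool user_authorized, privset_t authorized)
{
    struct proc_privs np = {0};
    privset_t max = old->inheritable | f->innate;   /* union with innate set */
    if (user_authorized)
        max |= authorized;                          /* union with authorized set */
    if (old->has_limiting)
        max &= old->limiting;                       /* intersection with limiting set */
    np.has_limiting = old->has_limiting;            /* limiting set survives exec */
    np.limiting = old->limiting;
    np.maximum = max;
    np.inheritable = f->has_inheritable ? f->inheritable : old->inheritable;
    np.effective = f->fsf_eps ? np.maximum : old->inheritable;
    return np;
}

int main(void)
{
    struct proc_privs parent = { .inheritable = PV_A,
        .limiting = PV_A | PV_B | PV_D, .has_limiting = true };
    struct file_privs prog = { .innate = PV_B, .inheritable = PV_B,
        .has_inheritable = true, .fsf_eps = true };
    struct proc_privs np = exec_privs(&parent, &prog, true, PV_C);
    /* PV_C is added by authorization, then removed by the limiting set. */
    printf("max=%#llx eff=%#llx inh=%#llx\n", (unsigned long long)np.maximum,
           (unsigned long long)np.effective, (unsigned long long)np.inheritable);
    return 0;
}
```

In the sample run the limiting set caps the result: the authorized bit never reaches the maximum set because it is absent from the limiting set.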