{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:16:25Z","timestamp":1763468185029,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":49,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,4,14]],"date-time":"2014-04-14T00:00:00Z","timestamp":1397433600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100007259","name":"Stony Brook University","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100007259","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CNS-1149229, CNS-1161541, CNS-1228839"],"award-info":[{"award-number":["CNS-1149229, CNS-1161541, CNS-1228839"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,4,14]]},"DOI":"10.1145\/2592798.2592811","type":"proceedings-article","created":{"date-parts":[[2014,4,28]],"date-time":"2014-04-28T14:18:30Z","timestamp":1398694710000},"page":"1-14","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Practical techniques to obviate setuid-to-root binaries"],"prefix":"10.1145","author":[{"given":"Bhushan","family":"Jain","sequence":"first","affiliation":[{"name":"Stony Brook University"}]},{"given":"Chia-Che","family":"Tsai","sequence":"additional","affiliation":[{"name":"Stony Brook University"}]},{"given":"Jitin","family":"John","sequence":"additional","affiliation":[{"name":"Stony Brook University"}]},{"given":"Donald E.","family":"Porter","sequence":"additional","affiliation":[{"name":"Stony Brook University"}]}],"member":"320","published-online":{"date-parts":[[2014,4,14]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"The openldap project. http:\/\/www.openldap.org\/project\/ Aug. 1998.  The openldap project. http:\/\/www.openldap.org\/project\/ Aug. 1998."},{"key":"e_1_3_2_1_2_1","unstructured":"netfilter. http:\/\/www.netfilter.org\/ Dec. 2001.  netfilter. http:\/\/www.netfilter.org\/ Dec. 2001."},{"key":"e_1_3_2_1_3_1","unstructured":"The automounter autofs. http:\/\/www.autofs.org\/ Sep. 2002.  The automounter autofs. http:\/\/www.autofs.org\/ Sep. 2002."},{"key":"e_1_3_2_1_4_1","unstructured":"Py-notify. http:\/\/home.gna.org\/py-notify\/ Dec. 2008.  Py-notify. http:\/\/home.gna.org\/py-notify\/ Dec. 2008."},{"key":"e_1_3_2_1_5_1","unstructured":"SOCK_RAW Demystified. http:\/\/www.sock-raw.org\/papers\/sock_raw May 2008.  SOCK_RAW Demystified. http:\/\/www.sock-raw.org\/papers\/sock_raw May 2008."},{"key":"e_1_3_2_1_6_1","unstructured":"AppArmor. http:\/\/wiki.apparmor.net\/index.php\/Main_Page Jun. 2011.  AppArmor. http:\/\/wiki.apparmor.net\/index.php\/Main_Page Jun. 2011."},{"key":"e_1_3_2_1_7_1","unstructured":"Kernel mode setting. https:\/\/wiki.archlinux.org\/index.php\/Kernel\\_Mode\\_Setting Jan. 2011.  Kernel mode setting. https:\/\/wiki.archlinux.org\/index.php\/Kernel\\_Mode\\_Setting Jan. 2011."},{"key":"e_1_3_2_1_8_1","unstructured":"Debian Popularity Contest. http:\/\/popcon.debian.org\/by_inst Feb. 2013.  Debian Popularity Contest. http:\/\/popcon.debian.org\/by_inst Feb. 2013."},{"key":"e_1_3_2_1_9_1","unstructured":"Lintian Reports: setuid-binary. http:\/\/lintian.debian.org\/tags\/setuid-binary.html Feb. 2013.  Lintian Reports: setuid-binary. http:\/\/lintian.debian.org\/tags\/setuid-binary.html Feb. 2013."},{"key":"e_1_3_2_1_10_1","unstructured":"Ubuntu Popularity Contest. http:\/\/popcon.ubuntu.com\/by_inst Feb. 2013.  Ubuntu Popularity Contest. http:\/\/popcon.ubuntu.com\/by_inst Feb. 2013."},{"key":"e_1_3_2_1_11_1","unstructured":"Apple. Mac OS X Server V10.6 - Open Directory Administration. White Paper Apple: http:\/\/manuals.info.apple.com\/MANUALS\/1000\/MA1180\/en_US\/OpenDirAdmin_v10.6.pdf August 2009.  Apple. Mac OS X Server V10.6 - Open Directory Administration. White Paper Apple: http:\/\/manuals.info.apple.com\/MANUALS\/1000\/MA1180\/en_US\/OpenDirAdmin_v10.6.pdf August 2009."},{"key":"e_1_3_2_1_12_1","unstructured":"Securing Debian Manual: Bastille Linux. http:\/\/www.debian.org\/doc\/manuals\/securing-debian-howto\/ch-automatic-harden.en.html\\#s6.2 Apr. 2012.  Securing Debian Manual: Bastille Linux. http:\/\/www.debian.org\/doc\/manuals\/securing-debian-howto\/ch-automatic-harden.en.html\\#s6.2 Apr. 2012."},{"volume-title":"NASA Ames Research Center","year":"1986","author":"Bishop M.","key":"e_1_3_2_1_13_1"},{"volume-title":"Chalmers University of Technology","year":"2003","author":"Bringert B.","key":"e_1_3_2_1_14_1"},{"volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS)","year":"2009","author":"Chen H.","key":"e_1_3_2_1_15_1"},{"key":"e_1_3_2_1_16_1","first-page":"171","volume-title":"Setuid Demystified. In Proceedings of the USENIX Security Symposium","author":"Chen H.","year":"2002"},{"volume-title":"Benchmarking Mail Relays and Forwarders. In OSDC Conference","year":"2006","author":"Coker R.","key":"e_1_3_2_1_17_1"},{"key":"e_1_3_2_1_18_1","unstructured":"J. Corbet. File-based capabilities. http:\/\/lwn.net\/Articles\/211883\/ November 2006.  J. Corbet. File-based capabilities. http:\/\/lwn.net\/Articles\/211883\/ November 2006."},{"key":"e_1_3_2_1_19_1","unstructured":"J. Corbet. Rootless X. http:\/\/lwn.net\/Articles\/341033\/ July 2009.  J. Corbet. Rootless X. http:\/\/lwn.net\/Articles\/341033\/ July 2009."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.5555\/647253.720295"},{"key":"e_1_3_2_1_21_1","unstructured":"Fedoraproject Wiki: Features\/RemoveSETUID. https:\/\/fedoraproject.org\/wiki\/Features\/RemoveSETUID Apr. 2011.  Fedoraproject Wiki: Features\/RemoveSETUID. https:\/\/fedoraproject.org\/wiki\/Features\/RemoveSETUID Apr. 2011."},{"key":"e_1_3_2_1_22_1","first-page":"554","volume-title":"Role-Based Access Control. In 15th National Computer Security Conference","author":"Ferraiolo D.","year":"1992"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1987.232893"},{"key":"e_1_3_2_1_24_1","unstructured":"N. M. Guire. Linux kernel gcov - tool analysis. http:\/\/dslab.lzu.edu.cn:8080\/docs\/2006summerschool\/team1\/teama\/Documentation\/howtos\/der_herr_gcov.pdf 2006.  N. M. Guire. Linux kernel gcov - tool analysis. http:\/\/dslab.lzu.edu.cn:8080\/docs\/2006summerschool\/team1\/teama\/Documentation\/howtos\/der_herr_gcov.pdf 2006."},{"key":"e_1_3_2_1_25_1","first-page":"243","volume-title":"Proceedings of the USENIX Security Symposium","author":"Hecht M.","year":"1987"},{"volume-title":"Inc.","year":"2005","author":"Johnson K.","key":"e_1_3_2_1_26_1"},{"key":"e_1_3_2_1_27_1","unstructured":"M. Kerrisk. CAP_SYS_ADMIN: the new root. http:\/\/lwn.net\/Articles\/486306\/ March 2012.  M. Kerrisk. CAP_SYS_ADMIN: the new root. http:\/\/lwn.net\/Articles\/486306\/ March 2012."},{"key":"e_1_3_2_1_28_1","unstructured":"M. Kerrisk. User namespaces progress. https:\/\/lwn.net\/Articles\/528078\/ Dec. 2012.  M. Kerrisk. User namespaces progress. https:\/\/lwn.net\/Articles\/528078\/ Dec. 2012."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.1984.10000"},{"key":"e_1_3_2_1_30_1","unstructured":"M. Larabel. A NVIDIA Tegra 2 DRM\/KMS Driver Tips Up. http:\/\/www.phoronix.com\/vr.php?view=MTA4NjA Apr. 2012.  M. Larabel. A NVIDIA Tegra 2 DRM\/KMS Driver Tips Up. http:\/\/www.phoronix.com\/vr.php?view=MTA4NjA Apr. 2012."},{"key":"e_1_3_2_1_31_1","unstructured":"H. M. Levy. Capability-Based Computer Systems. Digital Press Bedford Massachusetts 1984.   H. M. Levy. Capability-Based Computer Systems . Digital Press Bedford Massachusetts 1984."},{"key":"e_1_3_2_1_32_1","first-page":"29","volume-title":"Proceedings of the USENIX Security Symposium","author":"Loscocco P.","year":"2001"},{"key":"e_1_3_2_1_33_1","first-page":"259","volume-title":"Proceedings of the USENIX Security Symposium","author":"McCanne S.","year":"1993"},{"key":"e_1_3_2_1_34_1","unstructured":"Microsoft. TCP\/IP Raw Sockets. http:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/ms740548\\%28v=vs.85\\%29.aspx 2012.  Microsoft. TCP\/IP Raw Sockets. http:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/ms740548\\%28v=vs.85\\%29.aspx 2012."},{"key":"e_1_3_2_1_35_1","unstructured":"MITRE. Common Vulnerabilities and Exploits Database. http:\/\/cve.mitre.org\/ Feb. 2013.  MITRE. Common Vulnerabilities and Exploits Database. http:\/\/cve.mitre.org\/ Feb. 2013."},{"key":"e_1_3_2_1_36_1","unstructured":"Summary about POSIX 1.e. http:\/\/wt.tuxomania.net\/publications\/posix.1e\/ Feb. 1999.  Summary about POSIX 1.e. http:\/\/wt.tuxomania.net\/publications\/posix.1e\/ Feb. 1999."},{"key":"e_1_3_2_1_37_1","first-page":"257","volume-title":"Proceedings of the USENIX Security Symposium","author":"Provos N.","year":"2002"},{"issue":"9","key":"e_1_3_2_1_38_1","first-page":"1278","volume":"63","author":"Saltzer J. H.","year":"1975","journal-title":"The Protection of Information in Computer System. Proceedings of the IEEE"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/319151.319163"},{"key":"e_1_3_2_1_40_1","unstructured":"I. Shields. Monitor linux file system events with inotify. http:\/\/www.ibm.com\/developerworks\/linux\/library\/l-inotify\/index.html Sep. 2010.  I. Shields. Monitor linux file system events with inotify. http:\/\/www.ibm.com\/developerworks\/linux\/library\/l-inotify\/index.html Sep. 2010."},{"key":"e_1_3_2_1_41_1","first-page":"301","volume-title":"Proceedings of the Conference on Parallel and Distributed Computing and Networks","author":"Shinagawa T.","year":"2004"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/373256.373271"},{"key":"e_1_3_2_1_43_1","unstructured":"A. Tominaga O. Nakamura F. Teraoka and J. Murai. Problems and Solutions of DHCP - Experiences with DHCP implementation and Operation. http:\/\/www.isoc.org\/inet95\/proceedings\/PAPER\/127\/html\/paper.html 1995.  A. Tominaga O. Nakamura F. Teraoka and J. Murai. Problems and Solutions of DHCP - Experiences with DHCP implementation and Operation. http:\/\/www.isoc.org\/inet95\/proceedings\/PAPER\/127\/html\/paper.html 1995."},{"key":"e_1_3_2_1_44_1","unstructured":"D. Tsafrir D. D. Silva and D. Wagner. The murky issue of changing process identity: revising \"setuid demystified\". USENIX;login 33(3):55--66 June 2008.  D. Tsafrir D. D. Silva and D. Wagner. The murky issue of changing process identity: revising \"setuid demystified\". USENIX;login 33(3):55--66 June 2008."},{"key":"e_1_3_2_1_45_1","unstructured":"Ubuntu Wiki: Filesystem Capabilities. https:\/\/wiki.ubuntu.com\/Security\/Features\\#Filesystem_Capabilities March 2014.  Ubuntu Wiki: Filesystem Capabilities. https:\/\/wiki.ubuntu.com\/Security\/Features\\#Filesystem_Capabilities March 2014."},{"key":"e_1_3_2_1_46_1","first-page":"3","volume-title":"Proceedings of the USENIX Security Symposium","author":"Walker K. M.","year":"1996"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.1990.143794"},{"key":"e_1_3_2_1_48_1","first-page":"17","volume-title":"Proceedings of the USENIX Security Symposium","author":"Wright C.","year":"2002"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/355616.364017"}],"event":{"name":"EuroSys 2014: Ninth Eurosys Conference 2014","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"],"location":"Amsterdam The Netherlands","acronym":"EuroSys 2014"},"container-title":["Proceedings of the Ninth European Conference on Computer Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2592798.2592811","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2592798.2592811","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:55:58Z","timestamp":1750229758000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2592798.2592811"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,4,14]]},"references-count":49,"alternative-id":["10.1145\/2592798.2592811","10.1145\/2592798"],"URL":"https:\/\/doi.org\/10.1145\/2592798.2592811","relation":{},"subject":[],"published":{"date-parts":[[2014,4,14]]},"assertion":[{"value":"2014-04-14","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}