DOCSLIB.ORG

TOCTTOU Vulnerabilities in UNIX-Style File Systems: an Anatomical Study

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

TOCTTOU Vulnerabilities in UNIX-Style File Systems: An Anatomical Study Jinpeng Wei and Calton Pu Georgia Institute of Technology {weijp,calton}@cc.gatech.edu mailbox and replacing it with a symbolic link to ABSTRACT /etc/passwd. If the replacement is completed within the Due to their non-deterministic nature, Time of Check window and the new messages happen to be syntacti- To Time of Use (TOCTTOU) vulnerabilities in Unix- cally correct /etc/passwd entries with root access, then style file systems (e.g., Linux) are difficult to find and sendmail may unintentionally give unauthorized root prevent. We describe a comprehensive model of access to a normal user (the attacker). TOCTTOU vulnerabilities, enumerating 224 file sys- TOCTTOU vulnerabilities are a very significant tem call pairs that may lead to successful TOCTTOU problem. For example, between 2000 and 2004, we attacks. Based on this model, we built kernel monitor- found 20 CERT [14] advisories on TOCTTOU vulner- ing tools that confirmed known vulnerabilities and dis- abilities. They cover a wide range of applications from covered new ones (in often-used system utilities such system management tools (e.g., /bin/sh, shar, tripwire) as rpm, vi, and emacs). We evaluated the probability of to user level applications (e.g., gpm, Netscape successfully exploiting these newly discovered vulner- browser). A similar list compiled from BUGTRAQ abilities and analyzed in detail the system events dur- [16] mailing list is shown in Table 1. The CERT advi- ing such attacks. Our performance evaluation shows sories affected many operating systems, including: that the dynamic monitoring of system calls introduces Caldera, Conectiva, Debian, FreeBSD, HP-UX, Immu- non-negligible overhead in microbenchmark of those nix, MandrakeSoft, RedHat, Sun Solaris, and SuSE. In file system calls, but their impact on application 11 of the CERT advisories, the attacker was able to benchmarks such as Andrew and PostMark is only a gain unauthorized root access. TOCTTOU vulnerabili- few percent. ties are widespread and cause serious consequences. Categories and Subject Descriptors Table 1: Reported TOCTTOU Vulnerabilities D.4.3: File Systems Management – Access methods; Domain Application Name D.4.5: Reliability –verification; D.4.6: Security and Enterprise Apache, bzip2, gzip, getmail, Imp- Protection – Access controls. applications webmail, procmail, openldap, openSSL, Kerberos, OpenOffice, General Terms StarOffice, CUPS, SAP, samba Reliability, Experimentation, Security. Administrative at, diskcheck, GNU fileutils, log- tools watch, patchadd Keywords Device Esound, glint, pppd, Xinetd Race detection managers Development make, perl, Rational ClearCase, 1 Introduction tools KDE, BitKeeper, Cscope TOCTTOU (Time Of Check To Time Of Use) is a well At the same time, TOCTTOU vulnerabilities are known security problem [1] in file systems with weak also a very challenging research problem due to their synchronization semantics (e.g., Unix file system). A non-deterministic nature. They are very hard to detect TOCTTOU vulnerability requires two steps [2]. First, a because the occurrence of a TOCTTOU vulnerability vulnerable program checks for a file status. Second, the requires a pair of certain system calls along the execu- program operates on the file assuming the original file tion path of an application combined with appropriate status remained invariant during execution. For exam- environmental conditions. So they are more elusive ple, sendmail may check for a specific attribute of a than say, a buffer overflow bug which is only a single mailbox (e.g., it is not a symbolic link) in step one and point of failure. TOCTTOU vulnerabilities are also then append new messages (as root) in step two. Be- hard to exploit, because they are essentially race condi- cause the two steps are not executed atomically, a local tion errors so whether an attack can succeed relies on attacker (mailbox owner) can exploit the window of whether the attacking code is executed within the usu- vulnerability between the two steps by deleting his/her ally narrow window of vulnerability (on the order of USENIX Association FAST ’05: 4th USENIX Conference on File and Storage Technologies 155 milliseconds as shown in section 4.2). Furthermore, conditions about the file can be established either ex- normal static program analysis tools for detecting race plicitly (e.g., access or stat) or implicitly (e.g., open or conditions cannot be applied directly, since the attack creat). Therefore, the TOCTTOU name is more re- programs are usually unavailable until the vulnerabili- strictive than our model. Our model includes the origi- ties are discovered. nal check-use system call pairs [2][3], plus use-use The first contribution of this paper is a model-based pairs. For example, a program may attempt to delete a approach to detecting TOCTTOU attacks in Unix-style file (instead of checking whether a file exists) before operating systems. During the 10 years since the first creating it. Consequently, the pair <delete, create> is systematic study of TOCTTOU problem by Bishop also considered a (broadly defined) TOCTTOU pair. [2][3], only partial solutions have been proposed for 2.2 An Enumeration of TOCTTOU pairs some instances of the problem [5][6][13]. In this paper, in Linux we develop a model and list a comprehensive enumera- tion of TOCTTOU vulnerabilities for the Linux virtual We apply this model (called CUU) to the concrete file system. To the best of our knowledge, this is the situation of analyzing TOCTTOU problems in Linux. most complete study of TOCTTOU problem so far. To get a complete list of TOCTTOU pairs, we first find The second contribution of the paper is a systematic the complete CUSet (the set of CU-calls) and UseSet search for potential TOCTTOU vulnerabilities in Linux (the set of Use-Calls). We select these two sets of ker- system utility programs. We implemented model-based nel calls from the functional specification of Linux file software tools that are able to detect previously re- system. We started from file system calls that require a ported TOCTTOU vulnerabilities as well as finding pathname as input, and then filtered out those that are some unknown ones (e.g., in the rpm software distribu- unlikely to be leveraged in a TOCTTOU attack. For tion program, the vi/vim and emacs editors). We con- example, swapon does not follow symbolic links so it ducted a detailed experimental study of successfully is not included in the UseSet (Here we assume that all exploiting these vulnerabilities and analyze the signifi- TOCTTOU attacks based on swapon are symbolic link cant events during a TOCTTOU attack against the na- kind attack). Finally we got the following CUSet and tive binaries of rpm and vi. By repeating the UseSet: experiments, we also evaluated the probability of these x CUSet = { access, stat, open, creat, mknod, link, events happening, as well as the success rate of these symlink, mkdir, unlink, rmdir, rename, execve, non-deterministic TOCTTOU attacks. These analyses chmod, chown, truncate, utime, chdir, chroot, provide a quantitatively better understanding of pivot_root, mount } TOCTTOU attacks. x UseSet = { creat, mknod, mkdir, rename, link, The rest of the paper is organized as follows. Sec- symlink, open, execve, chdir, chroot, pivot_root, tion 2 summarizes the CUU model of TOCTTOU vul- mount, chmod, chown, truncate, utime } nerabilities. Section 3 describes a framework that Although some system calls may appear unlikely can- detects TOCTTOU vulnerabilities through monitoring didates, they have been included after careful analysis. of TOCTTOU pairs. Section 4 presents a detailed For example, mknod is in UseSet because it is able to analysis of events during the attacks on rpm and vi, in- create a new regular file, a function that is rarely cluding a study of attack success probability. Section 5 known. discusses the accuracy of the detection software tools This classification of CUSet and UseSet is not and shows the measured overhead incurred by the structured enough for a complete analysis because tools. Section 6 summarizes related work and Section some CU-calls and Use-calls are semantically unre- 7 concludes the paper. lated. For example, <creat, chdir> is not a meaningful pair because creat creates a regular file while chdir 2 The CUU Model of TOCTTOU expects a directory as argument. So we need to subdi- vide CUSet and UseSet so that a TOCTTOU pair at 2.1 Broad Definition of TOCTTOU least applies to the same kind of storage objects (e.g. A necessary condition for a TOCTTOU vulnerability to regular file, directory, or link). Thus we define the fol- happen is a pair of system calls (referred to as lowing sets. “TOCTTOU pair” in this paper) operating on the same Definition 1: CreationSet contains system calls that disk object using a file pathname. The first system call create new objects in the file system. It can be further (referred to as “CU-call”) establishes some precondi- divided into three subsets depending on the kind of ob- tions about the file (e.g., the file exists, the current user jects that the system call creates: has write privilege to the file, etc). The second system CreationSet = FileCreationSet LinkCreationSet call (referred to as “Use-call”) operates on the file, DirCreationSet, where based on those preconditions. In our model, the pre- 156 FAST ’05: 4th USENIX Conference on File and Storage Technologies USENIX Association FileCreationSet = {creat, open, mknod, rename} Group 2 preconditions can be established by CU- LinkCreationSet = {link, symlink, rename} calls in the CheckSet, or by CU-calls in the CreationSet DirCreationSet = {mkdir, rename} (a file/directory/link exists after it is created), or by CU-calls in the NormalUseSet. These are followed by Definition 2: RemoveSet contains system calls that corresponding Use-calls. The link-related calls are remove objects from the file system. It can be further paired with both FileNormalUseSet and DirNor- divided into three corresponding subsets: malUseSet because a link can point to either a regular RemoveSet = FileRemoveSet LinkRemoveSet file or a directory.
Recommended publications
  • Intermedia: a System for Linking Multimedia Documents. IRIS

    Intermedia: a System for Linking Multimedia Documents. IRIS

    DOCUMENT RESUME ED 296 735 IR 052 399 AUTHOR Yankelovich, Nicole TITLE Intermedia: A System for Linking Multimrdia Documents. IRIS Technical Report 86-2. INSTITUTION Brown Univ., Providence, RI. Inst. for Research in Information and Scholarship. PUB DATE 86 NOTE 19p. PUB TYPE Reports - Descriptive (141) EDRS PRICE MF01/PC01 Plus Postage. D'1CRIPTORS Bibliographic Coupling; *Computer Assisted Instruction; Computer Graphics; *Computer System Design; Higher Education; *Information Retrieval; *Man Machine Systems; *Multimedia Instruction; Word Processing IDENTIFIERS *Hypermedia ABSTRACT "Intermedia" is a hypermedia system which was developed for use in university research and teaching. It provides a framework for object-oriented, direct manipulation editors and applications, and the capability to link together materials created with those applications. Instructors are able to construct exploratory environments for their students as well as use applications for their day-to-day work, research, and writing. This paper provides a discussion of hypermedia systems in general, as well as a description of the Intermedia system which focuses on several important user features, and illustrates the operation of the system thrw,h a sample session. The text is supplemented by 15 figures. (19 references) (Author/EW) *********************************************************************** Reproductions supplied by EDRS are the best that can be made from the original document. *********************************************************************** INTERMEDIA: A System for customizing, visualizing, integratingand 0 Linking Multimedia Documents retrieving information. oi This paper describes Intermedia,one such tool designed for use in theuniversity O Nicole Yankelovich environment. The system, developedat Lid "PERMISSION TO REPRODUCE THIS Brown University's Institute for Researchin MATERIAL HAS BEEN GRANTED BY Information and Scholarship (IRIS),contains U.S.
  • Io — I/O Functions

    Io — I/O Functions

    Title stata.com io — I/O functions Contents Description Remarks and examples Reference Also see Contents [M-5] Manual entry Function Purpose Console output printf( ) printf() display sprintf() display into string errprintf( ) errprintf() display error message display( ) display() display text interpreting SMCL displayas( ) displayas() set whether output is displayed displayflush( ) displayflush() flush terminal output buffer liststruct( ) liststruct() list structure’s contents more( ) more() create --more-- condition setmore() query or set more on or off setmoreonexit() set more on or off on exit File directories direxists( ) direxists() whether directory exists dir( ) dir() file list chdir( ) pwd() obtain current working directory chdir() change current working directory mkdir() make new directory rmdir() remove directory File management findfile( ) findfile() find file fileexists( ) fileexists() whether file exists cat( ) cat() read file into string matrix unlink( ) unlink() erase file adosubdir( ) adosubdir() obtain ado-subdirectory for file 1 2 io — I/O functions File I/O fopen( ) fopen() open file fclose() close file fget() read line of ASCII file fgetnl() same, but include newline character fread() read k bytes of binary file fput() write line into ASCII file fwrite() write k bytes into binary file fgetmatrix() read matrix fputmatrix() write matrix fstatus() status of last I/O command ftell() report location in file fseek() seek to location in file ftruncate() truncate file at current position ferrortext( ) ferrortext() error text of file error code freturncode()
  • UNIX Workshop Series: Quick-Start Objectives

    UNIX Workshop Series: Quick-Start Objectives

    Part I UNIX Workshop Series: Quick-Start Objectives Overview – Connecting with ssh Command Window Anatomy Command Structure Command Examples Getting Help Files and Directories Wildcards, Redirection and Pipe Create and edit files Overview Connecting with ssh Open a Terminal program Mac: Applications > Utilities > Terminal ssh –Y [email protected] Linux: In local shell ssh –Y [email protected] Windows: Start Xming and PuTTY Create a saved session for the remote host name centos.css.udel.edu using username Connecting with ssh First time you connect Unix Basics Multi-user Case-sensitive Bash shell, command-line Commands Command Window Anatomy Title bar Click in the title bar to bring the window to the front and make it active. Command Window Anatomy Login banner Appears as the first line of a login shell. Command Window Anatomy Prompts Appears at the beginning of a line and usually ends in $. Command Window Anatomy Command input Place to type commands, which may have options and/or arguments. Command Window Anatomy Command output Place for command response, which may be many lines long. Command Window Anatomy Input cursor Typed text will appear at the cursor location. Command Window Anatomy Scroll Bar Will appear as needed when there are more lines than fit in the window. Command Window Anatomy Resize Handle Use the mouse to change the window size from the default 80x24. Command Structure command [arguments] Commands are made up of the actual command and its arguments. command -options [arguments] The arguments are further broken down into the command options which are single letters prefixed by a “-” and other arguments that identify data for the command.
  • STAT 625: Statistical Case Studies 1 Our Computing Environment(S)

    STAT 625: Statistical Case Studies 1 Our Computing Environment(S)

    John W. Emerson, Department of Statistics, Yale University © 2013 1 STAT 625: Statistical Case Studies John W. Emerson Yale University Abstract This term, I’ll generally present brief class notes and scripts, but much of the lecture material will simply be presented in class and/or available online. However, student participation is a large part of this course, and at any time I may call upon any of you to share some of your work. Be prepared. This won’t be a class where you sit and absorb material. I strongly encourage you to work with other students; you can learn a lot from each other. To get anything out of this course you’ll need to put in the time for the sake of learning and strengthening your skills, not for the sake of jumping through the proverbial hoop. Lesson 1: Learning how to communicate. This document was created using LATEX and Sweave (which is really an R package). There are some huge advantages to a workflow like this, relating to a topic called reproducible research. Here’s my thought: pay your dues now, reap the benefits later. Don’t trust me on everything, but trust me on this. A sister document was created using R Markdown and the markdown package, and this is also acceptable. Microsoft Office is not. So, in today’s class I’ll show you how I produced these documents and I’ll give you the required files. I recommend you figure out how to use LATEX on your own computer. You already have Sweave, because it comes with R.
  • System Calls and I/O

    System Calls and I/O

    System Calls and I/O CS 241 January 27, 2012 Copyright ©: University of Illinois CS 241 Staff 1 This lecture Goals Get you familiar with necessary basic system & I/O calls to do programming Things covered in this lecture Basic file system calls I/O calls Signals Note: we will come back later to discuss the above things at the concept level Copyright ©: University of Illinois CS 241 Staff 2 System Calls versus Function Calls? Copyright ©: University of Illinois CS 241 Staff 3 System Calls versus Function Calls Function Call Process fnCall() Caller and callee are in the same Process - Same user - Same “domain of trust” Copyright ©: University of Illinois CS 241 Staff 4 System Calls versus Function Calls Function Call System Call Process Process fnCall() sysCall() OS Caller and callee are in the same Process - Same user - OS is trusted; user is not. - Same “domain of trust” - OS has super-privileges; user does not - Must take measures to prevent abuse Copyright ©: University of Illinois CS 241 Staff 5 System Calls System Calls A request to the operating system to perform some activity System calls are expensive The system needs to perform many things before executing a system call The computer (hardware) saves its state The OS code takes control of the CPU, privileges are updated. The OS examines the call parameters The OS performs the requested function The OS saves its state (and call results) The OS returns control of the CPU to the caller Copyright ©: University of Illinois CS 241 Staff 6 Steps for Making a System Call
  • Process Text Streams Using Filters

    Process Text Streams Using Filters

    Process Text Streams Using Filters OBJECTIVE: Candidates should should be able to apply filters to text streams. 1 Process Text Streams Using Filters KeyKEY knowledge KNOWLEDGE area(s): AREAS: Send text files and output streams through text utility filters to modify the output using standard UNIX commands found in the GNU textutils package. 2 Process Text Streams Using Filters KEY FILES,TERMS, UTILITIES cat nl tail cut paste tr expand pr unexpand fmt sed uniq head sort wc hexdump split join tac 3 cat cat the editor - used as a rudimentary text editor. cat > short-message we are curious to meet penguins in Prague Crtl+D *Ctrl+D - command is used for ending interactive input. 4 cat cat the reader More commonly used to flush text to stdout. Options: -n number each line of output -b number only non-blank output lines -A show carriage return Example cat /etc/resolv.conf ▶ search mydomain.org nameserver 127.0.0.1 5 tac tac reads back-to-front This command is the same as cat except that the text is read from the last line to the first. tac short-message ▶ penguins in Prague to meet we are curious 6 head or tail using head or tail - often used to analyze logfiles. - by default, output 10 lines of text. List 20 first lines of /var/log/messages: head -n 20 /var/log/messages head -20 /var/log/messages List 20 last lines of /etc/aliases: tail -20 /etc/aliases 7 head or tail The tail utility has an added option that allows one to list the end of a text starting at a given line.
  • A Brief Introduction to Unix-2019-AMS

    A Brief Introduction to Unix-2019-AMS

    Brief Intro to Linux/Unix Brief Intro to Unix (contd) A Brief Introduction to o Brief History of Unix o Compilers, Email, Text processing o Basics of a Unix session o Image Processing Linux/Unix – AMS 2019 o The Unix File System Pete Pokrandt o Working with Files and Directories o The vi editor UW-Madison AOS Systems Administrator o Your Environment [email protected] o Common Commands Twitter @PTH1 History of Unix History of Unix History of Unix o Created in 1969 by Kenneth Thompson and Dennis o Today – two main variants, but blended o It’s been around for a long time Ritchie at AT&T o Revised in-house until first public release 1977 o System V (Sun Solaris, SGI, Dec OSF1, AIX, o It was written by computer programmers for o 1977 – UC-Berkeley – Berkeley Software Distribution (BSD) linux) computer programmers o 1983 – Sun Workstations produced a Unix Workstation o BSD (Old SunOS, linux, Mac OSX/MacOS) o Case sensitive, mostly lowercase o AT&T unix -> System V abbreviations 1 Basics of a Unix Login Session Basics of a Unix Login Session Basics of a Unix Login Session o The Shell – the command line interface, o Features provided by the shell o Logging in to a unix session where you enter commands, etc n Create an environment that meets your needs n login: username n Some common shells n Write shell scripts (batch files) n password: tImpAw$ n Define command aliases (this Is my password At work $) Bourne Shell (sh) OR n Manipulate command history IHateHaving2changeMypasswordevery3weeks!!! C Shell (csh) n Automatically complete the command
  • Version 7.8-Systemd

    Version 7.8-Systemd

    Linux From Scratch Version 7.8-systemd Created by Gerard Beekmans Edited by Douglas R. Reno Linux From Scratch: Version 7.8-systemd by Created by Gerard Beekmans and Edited by Douglas R. Reno Copyright © 1999-2015 Gerard Beekmans Copyright © 1999-2015, Gerard Beekmans All rights reserved. This book is licensed under a Creative Commons License. Computer instructions may be extracted from the book under the MIT License. Linux® is a registered trademark of Linus Torvalds. Linux From Scratch - Version 7.8-systemd Table of Contents Preface .......................................................................................................................................................................... vii i. Foreword ............................................................................................................................................................. vii ii. Audience ............................................................................................................................................................ vii iii. LFS Target Architectures ................................................................................................................................ viii iv. LFS and Standards ............................................................................................................................................ ix v. Rationale for Packages in the Book .................................................................................................................... x vi. Prerequisites
  • Unix/Linux Command Reference

    Unix/Linux Command Reference

    Unix/Linux Command Reference .com File Commands System Info ls – directory listing date – show the current date and time ls -al – formatted listing with hidden files cal – show this month's calendar cd dir - change directory to dir uptime – show current uptime cd – change to home w – display who is online pwd – show current directory whoami – who you are logged in as mkdir dir – create a directory dir finger user – display information about user rm file – delete file uname -a – show kernel information rm -r dir – delete directory dir cat /proc/cpuinfo – cpu information rm -f file – force remove file cat /proc/meminfo – memory information rm -rf dir – force remove directory dir * man command – show the manual for command cp file1 file2 – copy file1 to file2 df – show disk usage cp -r dir1 dir2 – copy dir1 to dir2; create dir2 if it du – show directory space usage doesn't exist free – show memory and swap usage mv file1 file2 – rename or move file1 to file2 whereis app – show possible locations of app if file2 is an existing directory, moves file1 into which app – show which app will be run by default directory file2 ln -s file link – create symbolic link link to file Compression touch file – create or update file tar cf file.tar files – create a tar named cat > file – places standard input into file file.tar containing files more file – output the contents of file tar xf file.tar – extract the files from file.tar head file – output the first 10 lines of file tar czf file.tar.gz files – create a tar with tail file – output the last 10 lines
  • How the /Etc/Passwd File Relates to the Laua User

    How the /Etc/Passwd File Relates to the Laua User

    Page 1 (2) System Foundation 9.0 laua User and Group How the /etc/passwd File Relates to the laua User Scenario Most users who need access to the Lawson environment will need to have a user account set up on the Operating System where Lawson System Foundation 9.0 has been installed. Users will need resources allocated to run their jobs and space in the directory structure to store their print files. The user account on the Operating System is what allows the allocation of resources and space. In the example presented in this session, users are associated to the Unix Operating System and setup via the /etc/passwd file. The information stored on the user account in the file is used by Lawson’s Legacy Security System, laua. This scenario will present the /etc/passwd file and highlight the important parts of the user represented in the file and how it relates to user setup. Workflow Step 1 of 3: To verify that a user has an account on the Unix Operating System where the Lawson server resides, view the /etc/passwd file on the Lawson server. To do so, you must first access a command line which can be done either through LID (Lawson Insight Desktop) or through lawterminal which is command line access through the Lawson portal. This demonstration will use LID. First access your command line. Action: Type in 'cd /etc' and press the 'Enter' key. © Copyright Lawson Learning 2008 Page 2 (2) Step 2 of 3: You can use any method you choose to view the file.
  • Powerview Command Reference

    Powerview Command Reference

    PowerView Command Reference TRACE32 Online Help TRACE32 Directory TRACE32 Index TRACE32 Documents ...................................................................................................................... PowerView User Interface ............................................................................................................ PowerView Command Reference .............................................................................................1 History ...................................................................................................................................... 12 ABORT ...................................................................................................................................... 13 ABORT Abort driver program 13 AREA ........................................................................................................................................ 14 AREA Message windows 14 AREA.CLEAR Clear area 15 AREA.CLOSE Close output file 15 AREA.Create Create or modify message area 16 AREA.Delete Delete message area 17 AREA.List Display a detailed list off all message areas 18 AREA.OPEN Open output file 20 AREA.PIPE Redirect area to stdout 21 AREA.RESet Reset areas 21 AREA.SAVE Save AREA window contents to file 21 AREA.Select Select area 22 AREA.STDERR Redirect area to stderr 23 AREA.STDOUT Redirect area to stdout 23 AREA.view Display message area in AREA window 24 AutoSTOre ..............................................................................................................................
  • Lab #6: Stat Overview Stat

    Lab #6: Stat Overview Stat

    February 17, 2017 CSC 357 1 Lab #6: Stat Overview The purpose of this lab is for you to retrieve from the filesystem information pertaining to specified files. You will use portions of this lab in Assignment #4, so be sure to write code that can be reused. stat Write a simplified version of the stat utility available on some Unix distributions. This program should take any number of file names as command-line arguments and output information pertaining to each file as described below (you should use the stat system call). The output from your program should look as follows: File: ‘Makefile’ Type: Regular File Size: 214 Inode: 4702722 Links: 1 Access: -rw------- The stat system call provides more information about a file, but this lab only requires the above. The format of each field follows: • File: the name of the file being examined. • Type: the type of file output as “Regular File”, “Directory”, “Character Device”, “Block Device”, “FIFO”, or “Symbolic Link” • Size: the number of bytes in the file. • Inode: the file’s inode. • Links: the number of links to the file. • Access: the access permissions for the file. This field is the most involved since the output string can take many forms. The first bit of the access permissions denotes the type (similar to the second field above). The valid characters for the first bit are: b – Block special file. c – Character special file. d – Directory. l – Symbolic link. p – FIFO. - – Regular file. The remaining bits denote the read, write and execute permissions for the user, group, and others.