HW 10: Security
Instructions
- You must turn in a sheet of paper that is neatly typed or written answering the questions below. (You are strongly encouraged to type your homework.)
- This homework is graded out of 90 points. Point values are associated to each question.
Questions
- (5 points) Why must there be a de-escalation of privilege when the
login
program executes theshell
for an authenticated user? - (10 points) Consider the following program with the following permission
strings below, if you (as your username) were to run these
programs, what capabilities (group and user permissions) would
the executing program have?
-rwxr-x--x 1 aviv scs 8622 Mar 30 10:40 a.out
-rwsr-x--x 1 aviv scs 8622 Mar 30 10:40 a.out
-rwxr-s--x 1 aviv scs 8622 Mar 30 10:40 a.out
-rwsr-s--x 1 aviv scs 8622 Mar 30 10:40 a.out
- (5 points) What is the difference between the real and effective user and group id of a running process?
- (15 points) Provide a short, plain-English, description of each of the system
calls below:
getuid()
getgid()
geteuid()
getegid()
setuid(uid)
setgid(gid)
setreuid(uid,euid)
setregid(gid,egid)
- (10 points) Consider the following
chmod
statements, provide the permission string, that is the permission stringrwxrwxrwx
represents 777. Be careful about setbits.chmod 6750 a.out
chmod 4750 a.out
chmod 2750 a.out
- (5 points) Suppose you are writing a setuid program, and you want downgrade the effective permission of the program back to the user who is executing the program. Provide one line of C that can do that.
- (5 points) What does the library call
system()
do? - (5 points) Explain how the environment variable
PATH
is used to select which program to execute when usingexecvp()
orsystem()
or in a shell? (10 points) The following program has a (multiple!) security flaw, describe how to exploit it. And, provide at least one way to change the program to protect it from the attack you described?
#include <stdio.h> #include <stdlib.h> int main(){ system("cat sample.db | cut -d ',' -f 3 | sort | uniq"); }
(10 points) The following program has two security flaws, describe them and how to exploit them.
int main(){ char cmd[1024]; char fname[40]; printf("Enter file name:\n"); scanf("%s",fname); snprtinf(cmd,1024,"/bin/cat %s",fname); system(cmd); }
- (10 points) Describe a solution to each of the security flaws you identified in the previous question.