IC221: Systems Programming (SP17)



HW 10: Security

Instructions

  • You must turn in a sheet of paper that is neatly typed or written answering the questions below. (You are strongly encouraged to type your homework.)
  • This homework is graded out of 90 points. Point values are associated with each question.

Questions

  1. (5 points) Why must there be a de-escalation of privilege when the login program executes the shell for an authenticated user?
  2. (10 points) Consider a program with each of the permission strings below. If you (as your username) were to run the program, what capabilities (group and user permissions) would the executing program have?
    1. -rwxr-x--x 1 aviv scs 8622 Mar 30 10:40 a.out
    2. -rwsr-x--x 1 aviv scs 8622 Mar 30 10:40 a.out
    3. -rwxr-s--x 1 aviv scs 8622 Mar 30 10:40 a.out
    4. -rwsr-s--x 1 aviv scs 8622 Mar 30 10:40 a.out
  3. (5 points) What is the difference between the real and effective user and group id of a running process?
  4. (15 points) Provide a short, plain-English description of each of the system calls below:
    1. getuid()
    2. getgid()
    3. geteuid()
    4. getegid()
    5. setuid(uid)
    6. setgid(gid)
    7. setreuid(uid,euid)
    8. setregid(gid,egid)
  5. (10 points) For each of the following chmod commands, provide the resulting permission string; for example, the permission string rwxrwxrwx represents 777. Be careful about the set-bits.
    1. chmod 6750 a.out
    2. chmod 4750 a.out
    3. chmod 2750 a.out
  6. (5 points) Suppose you are writing a setuid program, and you want to downgrade the effective permission of the program back to the user who is executing the program. Provide one line of C that can do that.
  7. (5 points) What does the library call system() do?
  8. (5 points) Explain how the environment variable PATH is used to select which program to execute when using execvp(), system(), or a shell.
  9. (10 points) The following program has a security flaw (multiple, in fact!). Describe how to exploit it, and provide at least one way to change the program to protect it from the attack you described.

    #include <stdio.h>
    #include <stdlib.h>
    int main(){
      system("cat sample.db | cut -d ',' -f 3 | sort  | uniq");
    }
    
  10. (10 points) The following program has two security flaws. Describe them and how to exploit them.

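    #include <stdio.h>
    #include <stdlib.h>
    int main(){
      char cmd[1024];
      char fname[40];
      /* read a file name from the user, then display that file */
      printf("Enter file name:\n");
      scanf("%s",fname);
      snprintf(cmd,1024,"/bin/cat %s",fname);
      system(cmd);
    }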
    
  11. (10 points) Describe a solution to each of the security flaws you identified in the previous question.