hws/hw04.tex
author Christian Urban <urbanc@in.tum.de>
Fri, 01 Jun 2018 15:46:34 +0100
changeset 564 3391a4fc3533
parent 521 34775227c84f
permissions -rw-r--r--
updated
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
39
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
     1
\documentclass{article}
250
bf4538649619 updated hw
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 247
diff changeset
     2
\usepackage{../style}
39
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
     3
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
     4
\begin{document}
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
     5
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
     6
\section*{Homework 4}
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
     7
401
2d6eb340fd98 updated hws
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 392
diff changeset
     8
\HEADER
2d6eb340fd98 updated hws
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 392
diff changeset
     9
39
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    10
\begin{enumerate}
564
3391a4fc3533 updated
Christian Urban <urbanc@in.tum.de>
parents: 521
diff changeset
    11
\item nosuid question \url{https://rcoh.me/posts/sudo-science/}
413
0f824ca252e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 404
diff changeset
    12
\item What should the architecture of a network application
0f824ca252e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 404
diff changeset
    13
      under Unix be that processes potentially hostile data?
392
4dff36e2bbc6 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 389
diff changeset
    14
4dff36e2bbc6 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 389
diff changeset
    15
\item What is a unikernel system and why is a unikernel
413
0f824ca252e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 404
diff changeset
    16
      preferable on a web server system (in contrast to a
0f824ca252e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 404
diff changeset
    17
      traditional general purpose operating system like
0f824ca252e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 404
diff changeset
    18
      Linux). Hint: What is the idea of a unikernel?
392
4dff36e2bbc6 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 389
diff changeset
    19
239
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
    20
\item What does the principle of least privilege say?
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
    21
413
0f824ca252e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 404
diff changeset
    22
\item How can you exploit the fact that every night root has a
0f824ca252e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 404
diff changeset
    23
      cron job that deletes the files in \texttt{/tmp}? (Hint:
0f824ca252e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 404
diff changeset
    24
      cron-attack)
389
9019f84ef99c updated hws
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 348
diff changeset
    25
9019f84ef99c updated hws
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 348
diff changeset
    26
413
0f824ca252e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 404
diff changeset
    27
\item In which of the following situations can the access
0f824ca252e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 404
diff changeset
    28
      control mechanism of Unix file permissions be used?
239
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
    29
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
    30
\begin{itemize}
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
    31
\item[(a)] Alice wants to have her files readable, except for her office mates.
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
    32
\item[(b)] Bob and Sam want to share some secret files.
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
    33
\item[(c)] Root wants some of her files to be public.
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
    34
\end{itemize}
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
    35
117
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 97
diff changeset
    36
\item Explain what is meant by \emph{Kerckhoffs' principle}.
39
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    37
122
f0e51ffd2965 added hw
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 117
diff changeset
    38
\item How can a system that separates between \emph{users} and \emph{root} be of any 
f0e51ffd2965 added hw
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 117
diff changeset
    39
help with buffer overflow attacks?
f0e51ffd2965 added hw
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 117
diff changeset
    40
239
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
    41
\item What does it mean that the program \texttt{passwd} has the
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 122
diff changeset
    42
  \texttt{setuid} bit set? Why is this necessary?
122
f0e51ffd2965 added hw
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 117
diff changeset
    43
425
4a0bff167159 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 413
diff changeset
    44
\item Under Unix (for example BSD Unix, MacOSX) the \texttt{login} 
4a0bff167159 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 413
diff changeset
    45
  programm has the setuid bit set. Why is this needed? In Linux
4a0bff167159 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 413
diff changeset
    46
  \texttt{login} does \emph{not} have the setuid bit set. What are
4a0bff167159 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 413
diff changeset
    47
  the consequences of this choice?
122
f0e51ffd2965 added hw
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 117
diff changeset
    48
250
bf4538649619 updated hw
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 247
diff changeset
    49
\item The variable \texttt{PATH} is a shell variable in UNIX which
bf4538649619 updated hw
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 247
diff changeset
    50
  lists all directories that should be automatically searched for a
bf4538649619 updated hw
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 247
diff changeset
    51
  program. For example if \texttt{PATH} contains the directory
bf4538649619 updated hw
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 247
diff changeset
    52
  \texttt{/usr/bin} and the program \texttt{ls} is stored there, then
bf4538649619 updated hw
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 247
diff changeset
    53
  a user does not need to type \texttt{/usr/bin/ls} to run this file,
bf4538649619 updated hw
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 247
diff changeset
    54
  but \texttt{ls} suffices. The question is why is it a bad idea in
bf4538649619 updated hw
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 247
diff changeset
    55
  general, but in particular for root, to have \texttt{.} as the first
bf4538649619 updated hw
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 247
diff changeset
    56
  entry in ones variable \texttt{PATH}?
bf4538649619 updated hw
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 247
diff changeset
    57
247
95e14b2dbc94 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 239
diff changeset
    58
\item In the context of which information flow should be protected, explain briefly the 
95e14b2dbc94 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 239
diff changeset
    59
differences between the {\it read rule} of the Bell-LaPadula access
95e14b2dbc94 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 239
diff changeset
    60
policy and the Biba access policy. Do the same for the {\it write rule}.
39
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    61
470
6764a249118a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 425
diff changeset
    62
\item \POSTSCRIPT
39
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    63
\end{enumerate}
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    64
50
33b26c8efa03 added hw
Christian Urban <urbanc@in.tum.de>
parents: 40
diff changeset
    65
39
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    66
\end{document}
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    67
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    68
%%% Local Variables: 
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    69
%%% mode: latex
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    70
%%% TeX-master: t
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    71
%%% End: