Mercurial Mercurial > hg > sen-material / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hws/hw03.tex
changeset 239 0db764174afb
parent 144 fdd0c7fa1b65
child 257 9bc912fcedb6
equal deleted inserted replaced
238:6ba55ba5b588 239:0db764174afb 
     5 \begin{document}
 
     5 \begin{document}
 
     6 
     6 
     7 \section*{Homework 3}
 
     7 \section*{Homework 3}
 
     8 
     8 
     9 \begin{enumerate}
 
     9 \begin{enumerate}
 
    10 \item What does the principle of least privilege say?
 
    10 \item What should the architecture of a network application under Unix
 
    11 
    11   be that processes potentially hostile data?
 
    12 \item In which of the following situations can the access control mechanism of Unix
 
       
    13 file permissions be used?
 
       
    14 
       
    15 \begin{itemize}
 
       
    16 \item[(a)] Alice wants to have her files readable, except for her office mates.
 
       
    17 \item[(b)] Bob and Sam want to share some secret files.
 
       
    18 \item[(c)] Root wants some of her files to be public.
 
       
    19 \end{itemize}
 
       
    20 
       
    21 \item What should the architecture of a network application under Unix 
       
    22 be that processes potentially hostile data?
 
       
    23 
    12 
    24 \item How can you exploit the fact that every night root has a cron
 
    13 \item How can you exploit the fact that every night root has a cron
 
    25 job that deletes the files in \texttt{/tmp}? (Hint: cron-attack)
 
    14   job that deletes the files in \texttt{/tmp}? (Hint: cron-attack)
 
    26 
    15 
    27 \item What does it mean that the program \texttt{passwd} has the \texttt{setuid}
 
    16 \item How does a buffer-overflow attack work? (Hint: What happens on
 
    28 bit set? Why is this necessary?
 
    17   the stack.)
 
    29 \item Assume format string attacks allow you to read out the stack. What can you do
 
    18 
    30 	with this information? (Hint: Consider what is stored in the stack.)
 
    19 \item Why is it crucuial for a buffer overflow attack that the stack
 
       
    20   grows from higher addresses to lower ones?
 
       
    21 
       
    22 \item How does a stack canary help with preventing a buffer-overflow
 
       
    23   attack?
 
       
    24 
       
    25 \item Why does randomising the address where programs are run help
 
       
    26   defending against buffer overflow attacks?
 
       
    27 
       
    28 \item Assume format string attacks allow you to read out the
 
       
    29   stack. What can you do with this information? (Hint: Consider what
 
       
    30   is stored in the stack.)
 
    31 
    31 
    32 \item Assume you can crash a program remotely. Why is this a problem?
 
    32 \item Assume you can crash a program remotely. Why is this a problem?
 
    33 
    33 
    34 \item How can the choice of a programming language help with buffer overflow attacks?
 
    34 \item How can the choice of a programming language help with buffer
 
    35 (Hint: Why are C-programs prone to such attacks, but not Java programs.)
 
    35   overflow attacks?  (Hint: Why are C-programs prone to such attacks,
 
    36 
    36   but not Java programs.)
 
    37 %\item How can a system that separates between \emph{users} and \emph{root} 
       
    38 %be of any help with buffer overflow attacks?
 
       
    39 \end{enumerate}
 
    37 \end{enumerate}
 
    40 
    38 
    41 \end{document}
 
    39 \end{document}
 
    42 
    40 
    43 %%% Local Variables: 
    41 %%% Local Variables:
sen-material