--- a/hws/hw04.tex	Fri Oct 10 15:49:23 2014 +0100
+++ b/hws/hw04.tex	Fri Oct 10 16:14:55 2014 +0100
@@ -8,25 +8,25 @@
 \section*{Homework 4}
 
 \begin{enumerate}
+\item What does the principle of least privilege say?
+
+\item In which of the following situations can the access control mechanism of Unix
+file permissions be used?
+
+\begin{itemize}
+\item[(a)] Alice wants to have her files readable, except for her office mates.
+\item[(b)] Bob and Sam want to share some secret files.
+\item[(c)] Root wants some of her files to be public.
+\end{itemize}
+
 \item Explain what is meant by \emph{Kerckhoffs' principle}.
 
 \item How can a system that separates between \emph{users} and \emph{root} be of any 
 help with buffer overflow attacks?
 
-\item Consider the following simple mutual authentication protocol:
+\item What does it mean that the program \texttt{passwd} has the
+  \texttt{setuid} bit set? Why is this necessary?
 
-\begin{center}
-\begin{tabular}{ll}
-$A \rightarrow B$: & $N_a$\\  
-$B \rightarrow A$: & $\{N_a, N_b\}_{K_{ab}}$\\
-$A \rightarrow B$: & $N_b$\\
-\end{tabular}
-\end{center}
-
-Explain how an attacker $B'$ can launch an impersonation attack by 
-intercepting all messages for $B$ and make $A$ decrypt her own challenges.
-
-\item Explain what are the differences between dictionary and brute forcing attacks  against  passwords.
 
 \item In the context of which information flow should be protected, explain briefly the 
 differences between the {\it read rule} of the Bell-LaPadula access