Mercurial Mercurial > hg > sen-material / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hws/hw04.tex
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Thu, 15 Oct 2015 01:41:33 +0100
changeset 406 0516bffd3f5f
parent 404 4e3bc09748f7
child 413 0f824ca252e4
permissions -rw-r--r--
updated

\documentclass{article}
\usepackage{../style}

\begin{document}

\section*{Homework 4}

\HEADER

\begin{enumerate}
\item What should the architecture of a network application under Unix
  be that processes potentially hostile data?

\item What is a unikernel system and why is a unikernel
preferable on a web server system (in contrast to a traditional
general purpose operating system like Linux). Hint: What is
the idea of a unikernel.

\item What does the principle of least privilege say?

\item How can you exploit the fact that every night root has a cron
  job that deletes the files in \texttt{/tmp}? (Hint: cron-attack)


\item In which of the following situations can the access control mechanism of Unix
file permissions be used?

\begin{itemize}
\item[(a)] Alice wants to have her files readable, except for her office mates.
\item[(b)] Bob and Sam want to share some secret files.
\item[(c)] Root wants some of her files to be public.
\end{itemize}

\item Explain what is meant by \emph{Kerckhoffs' principle}.

\item How can a system that separates between \emph{users} and \emph{root} be of any 
help with buffer overflow attacks?

\item What does it mean that the program \texttt{passwd} has the
  \texttt{setuid} bit set? Why is this necessary?

\item Which permissions does the program \texttt{login}
normally have and why is this needed?

\item The variable \texttt{PATH} is a shell variable in UNIX which
  lists all directories that should be automatically searched for a
  program. For example if \texttt{PATH} contains the directory
  \texttt{/usr/bin} and the program \texttt{ls} is stored there, then
  a user does not need to type \texttt{/usr/bin/ls} to run this file,
  but \texttt{ls} suffices. The question is why is it a bad idea in
  general, but in particular for root, to have \texttt{.} as the first
  entry in ones variable \texttt{PATH}?

\item A Unix directory might look as follows:

\begin{center}
\begin{verbatim}
$ ls -ld . * */*
drwxr-xr-x 1 ping staff  32768 Apr  2 2010 .
-rw----r-- 1 ping students  31359 Jul 24 2011 manual.txt
-r--rw--w- 1 bob students   4359 Jul 24 2011 report.txt
-rwsr--r-x 1 bob students 141359 Jun  1 2013 microedit
dr--r-xr-x 1 bob staff  32768 Jul 23 2011 src
-rw-r--r-- 1 bob staff  81359 Feb 28 2012 src/code.c
-r--rw---- 1 emma students    959 Jan 23 2012 src/code.h
\end{verbatim}
\end{center}

with group memberships assigned as follows:
\begin{center}
\begin{tabular}{ll}
Members of group staff: & ping, bob, emma\\ 
Members of group students: & emma\\
\end{tabular}
\end{center}

The file microedit is a text editor, which allows its users to open, edit and 
save files. Note carefully that microedit has set its setuid flag. 
Fill in the access control matrix below that shows for each of the above five files, 
whether ping, bob, or emma are able to obtain the right to read (R) or replace (W) its 
contents using the editor microedit.\bigskip

\begin{center}
\begin{tabular}{r|c|c|c|c|c}
        & manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline
ping & & & & &\\\hline
bob & & & & &\\\hline
emma   & & & & &\\
\end{tabular}
\end{center}

\item In the context of which information flow should be protected, explain briefly the 
differences between the {\it read rule} of the Bell-LaPadula access
policy and the Biba access policy. Do the same for the {\it write rule}.

\end{enumerate}


\end{document}

%%% Local Variables: 
%%% mode: latex
%%% TeX-master: t
%%% End:
sen-material