\documentclass{article}
\usepackage{../style}

\begin{document}

\section*{Homework 4}

\HEADER

\begin{enumerate}
\item What should the architecture of a network application
      under Unix be that processes potentially hostile data?

\item What is a unikernel system and why is a unikernel
      preferable on a web server system (in contrast to a
      traditional general purpose operating system like
      Linux). Hint: What is the idea of a unikernel?

\item What does the principle of least privilege say?

\item How can you exploit the fact that every night root has a
      cron job that deletes the files in \texttt{/tmp}? (Hint:
      cron-attack)


\item In which of the following situations can the access
      control mechanism of Unix file permissions be used?

\begin{itemize}
\item[(a)] Alice wants to have her files readable, except for her office mates.
\item[(b)] Bob and Sam want to share some secret files.
\item[(c)] Root wants some of her files to be public.
\end{itemize}

\item Explain what is meant by \emph{Kerckhoffs' principle}.

\item How can a system that separates between \emph{users} and \emph{root} be of any 
help with buffer overflow attacks?

\item What does it mean that the program \texttt{passwd} has the
  \texttt{setuid} bit set? Why is this necessary?

\item Under Unix (for example BSD Unix, MacOSX) the \texttt{login} 
  programm has the setuid bit set. Why is this needed? In Linux
  \texttt{login} does \emph{not} have the setuid bit set. What are
  the consequences of this choice?

\item The variable \texttt{PATH} is a shell variable in UNIX which
  lists all directories that should be automatically searched for a
  program. For example if \texttt{PATH} contains the directory
  \texttt{/usr/bin} and the program \texttt{ls} is stored there, then
  a user does not need to type \texttt{/usr/bin/ls} to run this file,
  but \texttt{ls} suffices. The question is why is it a bad idea in
  general, but in particular for root, to have \texttt{.} as the first
  entry in ones variable \texttt{PATH}?

\item A Unix directory might look as follows:

\begin{center}
\begin{verbatim}
$ ls -ld . * */*
drwxr-xr-x 1 ping staff  32768 Apr  2 2010 .
-rw----r-- 1 ping students  31359 Jul 24 2011 manual.txt
-r--rw--w- 1 bob students   4359 Jul 24 2011 report.txt
-rwsr--r-x 1 bob students 141359 Jun  1 2013 microedit
dr--r-xr-x 1 bob staff  32768 Jul 23 2011 src
-rw-r--r-- 1 bob staff  81359 Feb 28 2012 src/code.c
-r--rw---- 1 emma students    959 Jan 23 2012 src/code.h
\end{verbatim}
\end{center}

with group memberships assigned as follows:
\begin{center}
\begin{tabular}{ll}
Members of group staff: & ping, bob, emma\\ 
Members of group students: & emma\\
\end{tabular}
\end{center}

The file microedit is a text editor, which allows its users to open, edit and 
save files. Note carefully that microedit has set its setuid flag. 
Fill in the access control matrix below that shows for each of the above five files, 
whether ping, bob, or emma are able to obtain the right to read (R) or replace (W) its 
contents using the editor microedit.\bigskip

\begin{center}
\begin{tabular}{r|c|c|c|c|c}
        & manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline
ping & & & & &\\\hline
bob & & & & &\\\hline
emma   & & & & &\\
\end{tabular}
\end{center}

\item In the context of which information flow should be protected, explain briefly the 
differences between the {\it read rule} of the Bell-LaPadula access
policy and the Biba access policy. Do the same for the {\it write rule}.

\end{enumerate}


\end{document}

%%% Local Variables: 
%%% mode: latex
%%% TeX-master: t
%%% End: