Mercurial Mercurial > hg > sen-material / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hws/hw04.tex
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Mon, 03 Nov 2014 03:22:41 +0000
changeset 276 d7109c6e721d
parent 250 bf4538649619
child 348 b322a245589c
permissions -rw-r--r--
updated

\documentclass{article}
\usepackage{../style}

\begin{document}

\section*{Homework 4}

\begin{enumerate}
\item What does the principle of least privilege say?

\item In which of the following situations can the access control mechanism of Unix
file permissions be used?

\begin{itemize}
\item[(a)] Alice wants to have her files readable, except for her office mates.
\item[(b)] Bob and Sam want to share some secret files.
\item[(c)] Root wants some of her files to be public.
\end{itemize}

\item Explain what is meant by \emph{Kerckhoffs' principle}.

\item How can a system that separates between \emph{users} and \emph{root} be of any 
help with buffer overflow attacks?

\item What does it mean that the program \texttt{passwd} has the
  \texttt{setuid} bit set? Why is this necessary?

\item With which permissions does the program \texttt{login}
normally have and why is this needed?

\item The variable \texttt{PATH} is a shell variable in UNIX which
  lists all directories that should be automatically searched for a
  program. For example if \texttt{PATH} contains the directory
  \texttt{/usr/bin} and the program \texttt{ls} is stored there, then
  a user does not need to type \texttt{/usr/bin/ls} to run this file,
  but \texttt{ls} suffices. The question is why is it a bad idea in
  general, but in particular for root, to have \texttt{.} as the first
  entry in ones variable \texttt{PATH}?

\item A Unix directory might look as follows:

\begin{center}
\begin{verbatim}
$ ls -ld . * */*
drwxr-xr-x 1 ping staff  32768 Apr  2 2010 .
-rw----r-- 1 ping students  31359 Jul 24 2011 manual.txt
-r--rw--w- 1 bob students   4359 Jul 24 2011 report.txt
-rwsr--r-x 1 bob students 141359 Jun  1 2013 microedit
dr--r-xr-x 1 bob staff  32768 Jul 23 2011 src
-rw-r--r-- 1 bob staff  81359 Feb 28 2012 src/code.c
-r--rw---- 1 emma students    959 Jan 23 2012 src/code.h
\end{verbatim}
\end{center}

with group memberships assigned as follows:
\begin{center}
\begin{tabular}{ll}
Members of group staff: & ping, bob, emma\\ 
Members of group students: & emma\\
\end{tabular}
\end{center}

The file microedit is a text editor, which allows its users to open, edit and 
save files. Note carefully that microedit has set its setuid flag. 
Fill in the access control matrix below that shows for each of the above five files, 
whether ping, bob, or emma are able to obtain the right to read (R) or replace (W) its 
contents using the editor microedit.\bigskip

\begin{center}
\begin{tabular}{r|c|c|c|c|c}
        & manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline
ping & & & & &\\\hline
bob & & & & &\\\hline
emma   & & & & &\\
\end{tabular}
\end{center}

\item In the context of which information flow should be protected, explain briefly the 
differences between the {\it read rule} of the Bell-LaPadula access
policy and the Biba access policy. Do the same for the {\it write rule}.

\end{enumerate}


\end{document}

%%% Local Variables: 
%%% mode: latex
%%% TeX-master: t
%%% End:
sen-material