Binary file handouts/ho01.pdf has changed
--- a/handouts/ho01.tex Tue Dec 30 01:22:25 2014 +0000
+++ b/handouts/ho01.tex Tue Dec 30 21:59:47 2014 +0000
@@ -370,7 +370,8 @@
\begin{figure}[p]
\lstinputlisting{../progs/App4.js}
-\caption{\label{hashsalt}}
+\caption{A Node.js web-app that sets a cookie in the client's
+browser for counting the number of visits to a page.\label{hashsalt}}
\end{figure}
\begin{center}\tt
@@ -608,14 +609,11 @@
\url{http://xkcd.com/538/}
\end{center}
-\noindent
-If you want to know more about passwords, I recommend viewing
-some youtube videos from the PasswordCon(ference) which takes
-place each year. The book by Bruce Schneier about Applied
-Cryptography is also recommendable, though quite expensive.
-There is also another expensive book about penetration
-testing, but the readable chapter about password attacks
-(Chapter 9) is free:
+\noindent If you want to know more about passwords, the book
+by Bruce Schneier about Applied Cryptography is recommendable,
+though quite expensive. There is also another expensive book
+about penetration testing, but the readable chapter about
+password attacks (Chapter 9) is free:
\begin{center}
\url{http://www.nostarch.com/pentesting}
Binary file handouts/ho02.pdf has changed
--- a/handouts/ho02.tex Tue Dec 30 01:22:25 2014 +0000
+++ b/handouts/ho02.tex Tue Dec 30 21:59:47 2014 +0000
@@ -386,7 +386,7 @@
\noindent This brings us to the question, what could be a
viable electronic voting process in
-\underline{\textbf{\emph{theory}}} with current technology?
+\underline{\smash{\textbf{\emph{theory}}}} with current technology?
In the literature one can find proposals such as this one:
\begin{enumerate}
Binary file handouts/ho03.pdf has changed
Binary file handouts/ho04.pdf has changed
--- a/handouts/ho04.tex Tue Dec 30 01:22:25 2014 +0000
+++ b/handouts/ho04.tex Tue Dec 30 21:59:47 2014 +0000
@@ -27,10 +27,31 @@
access: \underline{\textbf{r}}ead, \underline{\textbf{w}}rite
and e\underline{\textbf{x}}ecute. Moreover there are three
user groups to which the modes apply: the owner of the file,
-the group the file is associated with and everybody else. This
-relatively fine granularity seems to cover many useful
-scenarios of access control. A typical example of some files
-with permission attributes is as follows:
+the group the file is associated with and everybody else.
+A typical permission of a file owned by \texttt{bob} might look as
+follows:
+
+\begin{center}
+${\underbrace{\LARGE\texttt{-}}_{\text{\makebox[0mm]{directory}}}}
+ \;{\underbrace{\LARGE\texttt{r{}-{}-}}_{\text{user}}}\,
+ {\underbrace{\LARGE\texttt{r{}w{}-}}_{\text{group}}}\,
+ {\underbrace{\LARGE\texttt{r{}w{}x}}_{\text{other}}}\;\;\;
+ \LARGE\texttt{bob}\;\;\;\texttt{staff}$
+\end{center}
+
+\noindent For the moment let us ignore the directory bit. The
+Unix access rules imply that Bob will only have read access to
+this file, even if he is in the group \texttt{staff} and the
+group access permissions allow read and write. Similarly every
+member in the \texttt{staff} group who is not \texttt{bob},
+will only have read-write access permissions, not
+read-write-execute.
+
+This
+relatively fine granularity of owner, group, everybody else
+seems to cover many useful scenarios of access control. A
+typical example of some files with permission attributes is as
+follows:
{\small\lstinputlisting[language={}]{../slides/lst}}
@@ -158,18 +179,38 @@
this change. After it has done the work, the effective
identity should go back to the real identity.
+If you want to play more with access rights in Unix, you can
+use the program in Figure~\ref{test}. It explicitly checks for
+readability and writability of files. The \pcode{main}
+function is organised into two parts: the first checks
+readability and writability with the permissions according to
+a potential setuid bit, and the second (starting in Line 34)
+when the permissions are lowered to the caller. Note that this
+program has one problem as well: it only gives a reliable
+answer in cases a file is {\bf not} readable or {\bf not}
+writable when it returns an error code 13 (permission denied).
+It sometimes claims a file is not writable, say, but with an
+error code 26 (text file busy). This is unrelated to the
+permissions of the file.
+
+\begin{figure}[p]
+\small
+\lstinputlisting[language=C]{../progs/read.c}
+\caption{A read/write test program in C. It returns errno = 13
+in cases when permission is denied.\label{test}}
+\end{figure}
Despite this complicated semantics, Unix-style access control
is of no use in a number of situations. For example it cannot
be used to exclude some subset of people, but otherwise have
files readable by everybody else (say you want to restrict
-access to a file such that your office mates cannot access
-a file). You could try setting the group of the file to this
+access to a file such that your office mates cannot access a
+file). You could try setting the group of the file to this
subset and then restrict access accordingly. But this does not
help, because users can drop membership in groups. If one
needs such fine-grained control over who can access a file,
-one needs more powerful \emph{mandatory access controls}
-as described next.
+one needs more powerful \emph{mandatory access controls} as
+described next.
\subsubsection*{Secrecy and Integrity}
Binary file hws/so04.pdf has changed
--- a/progs/read.c Tue Dec 30 01:22:25 2014 +0000
+++ b/progs/read.c Tue Dec 30 21:59:47 2014 +0000
@@ -1,50 +1,47 @@
#include <stdio.h>
-#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
+FILE *f; //file pointer
+
+//tests return errno = 13 for permission denied
+void read_test(char *name)
+{
+ if ((f = fopen(name, "r")) == NULL) {
+ printf("%s is not readable, errno = %d\n", name, errno);
+ } else {
+ printf("%s is readable\n", name); fclose(f);
+ }
+}
+
+void write_test(char *name)
+{
+ if ((f = fopen(name, "r+")) == NULL) {
+ printf("%s is not writable, errno = %d\n", name, errno);
+ } else {
+ printf("%s is writable\n", name); fclose(f);
+ }
+}
+
int main(int argc, char *argv[])
{
- FILE *f; //file pointer
-
printf("Real UID = %d\n", getuid());
printf("Effective UID = %d\n", geteuid());
- //read test (error 13 is permission denied)
- if ((f = fopen(argv[1], "r")) == NULL) {
- fprintf(stderr, "%s is not readable, errno = %d\n", argv[1], errno);
- } else {
- fprintf(stderr, "%s is readable\n", argv[1]); fclose(f);
- }
-
- //write test
- if ((f = fopen(argv[1], "r+")) == NULL) {
- fprintf(stderr, "%s is not writable, errno = %d\n", argv[1], errno);
- } else {
- fprintf(stderr, "%s is writable\n", argv[1]); fclose(f);
- }
+ read_test(argv[1]);
+ write_test(argv[1]);
//lowering the access rights to the caller
if (setuid(getuid())) {
- fprintf(stderr, "could not reset setuid, errno = %d\n", errno); return 1;
+ printf("could not reset setuid, errno = %d\n", errno);
+ return 1;
}
printf("Real UID = %d\n", getuid());
printf("Effective UID = %d\n", geteuid());
- //read test
- if ((f = fopen(argv[1], "r")) == NULL) {
- fprintf(stderr, "%s is not readable, errno = %d\n", argv[1], errno);
- } else {
- fprintf(stderr, "%s is readable\n", argv[1]); fclose(f);
- }
-
- //write test
- if ((f = fopen(argv[1], "w")) == NULL) {
- fprintf(stderr, "%s is not writable, errno = %d\n", argv[1], errno);
- } else {
- fprintf(stderr, "%s is writable\n", argv[1]); fclose(f);
- }
+ read_test(argv[1]);
+ write_test(argv[1]);
return 0;
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/progs/read2.c Tue Dec 30 21:59:47 2014 +0000
@@ -0,0 +1,47 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <errno.h>
+
+FILE *f; //file pointer
+
+//tests return errno = 13 for permission denied
+void read_test(char *name)
+{
+ if ((f = fopen(name, "r")) == NULL) {
+ printf("%s is not readable, errno = %d\n", name, errno);
+ } else {
+ printf("%s is readable\n", name); fclose(f);
+ }
+}
+
+void write_test(char *name)
+{
+ if ((f = fopen(name, "r+")) == NULL) {
+ printf("%s is not writable, errno = %d\n", name, errno);
+ } else {
+ printf("%s is writable\n", name); fclose(f);
+ }
+}
+
+int main(int argc, char *argv[])
+{
+ printf("Real UID = %d\n", getuid());
+ printf("Effective UID = %d\n", geteuid());
+
+ read_test(argv[1]);
+ write_test(argv[1]);
+
+ //lowering the access rights to the caller
+ if (setuid(getuid())) {
+ printf("could not reset setuid, errno = %d\n", errno);
+ return 1;
+ }
+
+ printf("Real UID = %d\n", getuid());
+ printf("Effective UID = %d\n", geteuid());
+
+ read_test(argv[1]);
+ write_test(argv[1]);
+
+ return 0;
+}