Computers and Technology, 01.03.2021 21:50 xxkeyxx51
Alice wants to be able to share read and write access to some of her files (on a unix system) with dynamically changing sets of users. Since she is not root, she can't just construct new groups for each file, nor can she turn on the optional ACL feature available on some Linux systems. So she decides to write setuid programs that will implement ACLs for her friends. Alice designs two setuid, world- executable programs, alice-write and alice-read (e. g., programs that anyone can run as alice ) that work as follows:
. /alice-write IN OUT: first checks a permission file written by Alice to make sure that the ruid of the process (the calling user) is allowed to write to the file out. If so, then the program reads the file in and writes it over out.
./alice-read IN OUT: first checks a permission file written by Alice to make sure that the calling user is allowed to read the file in. If so, the the program reads in and writes it to the file out. Assume Alice has been careful in her implementation, i. e., there are no buffer overflows in alice-read and alice-write, the permission file is properly protected (uniquely named in the program and set to permission 0400), the programs accept only file paths listed in the permissions file, and permissions on Alice's files are preserved.
1. Can you find any (21) potential security problems with this approach? Describe them, no code/visuals required. (e. g., suppose Bob can read and write some of Alice's files but not others; can he use alice-write and alice-read to gain access to files he shouldn't? Are there potential attacks that could allow third parties to read/write Alice's files?) (10 points)
2. How could you change interface (e. g., what is passed to the programs) and/or implementation (e. g., the description of the programs) of alice-write and alice-read to avoid your attacks? Describe only, no code necessary. [10 points]
Answers: 3
Other questions on the subject: Computers and Technology
Computers and Technology, 22.06.2019 19:20, SundaeSunday
Consider the following code snippet: #ifndef cashregister_h#define cashregister_hconst double max_balance = 6000000.0; class cashregister{public: cashregister(); cashregister(double new_balance); void set_balance(double new_balance); double get_balance() const; private: double balance[12]; }; double get_monthly_balance(cashregister bk, int month); #endifwhich of the following is correct? a)the header file is correct as given. b)the definition of max_balance should be removed since header files should not contain constants. c)the definition of cashregister should be removed since header files should not contain class definitions. d)the body of the get_monthly_balance function should be added to the header file.
Answers: 1
Computers and Technology, 22.06.2019 19:30, bstine6678
When creating a presentation in libre office impress, where does the editing of slides take place? a. the slides panel b. the center panel c. the tasks panel, under the masters pages tab d. the tasks panel, under the layouts tab
Answers: 1
Computers and Technology, 23.06.2019 05:30, savyblue1724707
Sally is editing her science report about living things. she needs to copy a paragraph from her original report. order the steps sally needs to do to copy the text to her new document.
Answers: 1
You know the right answer?
Alice wants to be able to share read and write access to some of her files (on a unix system) with d...
Questions in other subjects:
Mathematics, 22.11.2021 21:50
Mathematics, 22.11.2021 21:50
English, 22.11.2021 21:50
Physics, 22.11.2021 21:50
Arts, 22.11.2021 21:50
Social Studies, 22.11.2021 21:50
English, 22.11.2021 21:50
Mathematics, 22.11.2021 21:50
Mathematics, 22.11.2021 21:50
