Computer Systems Security: Winter 2018 Assignment 1: Difference between revisions

From Soma-notes
Created page with "'''This assignment is not yet finalized.''' Please answer the following questions. Submit your answers as a text or PDF file via cuLearn by January 31, 2018 (date to be conf..."
 

Revision as of 19:59, 23 January 2018

This assignment is not yet finalized.

Please answer the following questions. Submit your answers as a text or PDF file via cuLearn by January 31, 2018 (date to be confirmed).

Questions

  1. Classic UNIX permissions
    1. UNIX has users (UIDs) and groups (GIDs). From the kernel's perspective, users and groups are labels applied to what OS-level abstractions?
    2. UNIX file permissions are grouped into three categories: user, group, and other. Is it possible for the "other" category to have greater access to a file than the owner of a file? Explain with a brief example.
  2. setuid root binaries (4 points)
    1. What are setuid root binaries?
    2. Why are setuid root binaries important in most UNIX-like systems?
    3. What is the risk of setuid root binaries? Be specific.
    4. Briefly describe a potential vulnerability in a setuid root binary and how an attacker could exploit it.