Computer Systems Security: Winter 2018 Assignment 1: Difference between revisions
Line 7: | Line 7: | ||
<ol> | <ol> | ||
<li>[1] UNIX has users (UIDs) and groups (GIDs). From the kernel's perspective, users and groups are labels applied to what kernel-level abstractions?</li> | <li>[1] UNIX has users (UIDs) and groups (GIDs). From the kernel's perspective, users and groups are labels applied to what kernel-level abstractions?</li> | ||
<li>[2] UNIX file permissions are grouped into three categories, user, group, and other. | <li>[2] UNIX file permissions are grouped into three categories, user, group, and other. Is it possible for the "other" category to have greater access to a file than the owner of a file? Explain with a brief example.</li> | ||
<li>[2] What is the difference between read and execute permission on a directory? How can you verify this is the case? | <li>[2] What is the difference between read and execute permission on a directory? How can you verify this is the case? | ||
<li>[2] What is the "sticky bit"? What "attack" does the sticky bit prevent? | <li>[2] What is the "sticky bit"? What "attack" does the sticky bit prevent? |
Revision as of 15:16, 31 January 2018
Please answer the following questions. There are 13 questions with 20 points. Submit your answers as a text or PDF file via cuLearn by January 31, 2018 at 11:55 PM. Be sure to put your name and student number at the beginning of your submission.
When answering each question, please indicate the sources of your answer. This could be a man page, your own experiments, discussion with a friend, or a website. Please list all your sources. You are allowed to collaborate; such collaboration should be clearly documented! If you already know an answer because of background knowledge you had before the class, that is fine, just state that this is the case.
Questions
- [1] UNIX has users (UIDs) and groups (GIDs). From the kernel's perspective, users and groups are labels applied to what kernel-level abstractions?
- [2] UNIX file permissions are grouped into three categories, user, group, and other. Is it possible for the "other" category to have greater access to a file than the owner of a file? Explain with a brief example.
- [2] What is the difference between read and execute permission on a directory? How can you verify this is the case?
- [2] What is the "sticky bit"? What "attack" does the sticky bit prevent?
- [1] What are setuid root binaries?
- [1] Why are setuid root binaries important in most UNIX-like systems?
- [1] What is the risk of setuid root binaries? Be specific.
- [2] Briefly describe a potential vulnerability in a setuid root binary and how an attacker could exploit it.
- [1] TCP wrappers and host-based firewalls defend against similar threats. What type of threats do they protect against?
- [1] What is the key technical difference between how TCP wrappers and host-based firewalls work?
- [2] How does the behavior of your system change when you connect to a VPN? How can you verify that a VPN is working as it should?
- [2] How does a VPN improve the security of an organization? What is the fundamental limitation of a defense strategy organized around VPNs?
- [2] What VPN software does Carleton use? What is a specific (functional) benefit you can get when you use the Carleton VPN?