Computer Systems Security: Winter 2018 Assignment 1
This assignment is not yet finalized.
Please answer the following questions. Submit your answers as a text or PDF file via cuLearn by January 31, 2018 (date to be confirmed).
Questions
- Classic UNIX permissions
- UNIX has users (UIDs) and groups (GIDs). From the kernel's perspective, users and groups are labels applied to what OS-level abstractions?
- UNIX file permissions are grouped into three categories, user, group, and other. It it possible for the "other" category to have greater access to a file than the owner of a file? Explain with a brief example.
- setuid root binaries (4 points)
- What are setuid root binaries?
- Why are setuid root binaries important in most UNIX-like systems?
- What is the risk of setuid root binaries? Be specific.
- Briefly describe a potential vulnerability in a setuid root binary and how an attacker could exploit it.