Operating Systems 2021F: Assignment 3

From Soma-notes
Jump to navigation Jump to search

Please submit the answers to the following questions via Brightspace by November 22 28, 2021 by 11:59 PM. There are 20 points in 10 questions (and one 4 point bonus question).

Submit your answers as a plain text file following this template. Name your answer file "<username>-comp3000-assign3.txt" (where username is your MyCarletonOne username).

Your answers will be parsed by a script in order to help with grading so please preserve the format of the template. Make sure the file remains a plain text file! No other formats will be accepted.

Don't forget to include what outside resources you used to complete each of your answers, including other students, man pages, and web resources. You do not need to list help from the instructor, TA, or information found in the textbook.

Background

In this assignment you'll be working with a "chrooted" environment. We'll create a filesystem, mount it, populate it, and then change the current root directory to it so we can use this environment as if it was a completely separate system.

This mini system is rather bare bones initially and many things won't work. You'll be studying how it is put together and figuring out how to add functionality. You should understand what every line in 3000makefs.sh does, even if there isn't a specific question about it.

Tasks/Questions

Make sure you backup any important files in your VM, as you could erase everything. You've been warned!

  1. [2] Download and inspect 3000makefs.sh. Is there a risk of data loss from running this script? Specifically, what commands (if any) are potentially dangerous?
  2. [1] Run 3000makefs.sh. After 3000makefs.sh runs, you're put in a new shell where / is now the contents of 3000fs, and you can't see anything that wasn't in 3000fs. Exiting the shell gets you back to where you were. After exiting, how do you get back to the modified environment?
  3. [2] Lines 55-59 of 3000makefs.sh is several echo commands. What are these lines doing? Do these lines relate to any other parts of the script?
  4. [2] What are lines 26-30 for? Is it missing anything? Explain briefly.
  5. [2] What is the largest file we can create in the confined environment (once initialized by 3000makefs.sh)? What determines this limit?
  6. [2] If you create files in the confined environment, does it reduce the space available outside of it? How do you know?
  7. [2] Many files in our confined environment are symbolic links. How did these files get created? Why are they symbolic links and not regular files? Explain their purpose.
  8. [2] Copy and make nano work in the new environment. What files did you have to copy to get it to work? How did you know to copy them?
  9. [3] How can you add a user "confined" to 3000fs? Make sure the user also is in a new group "confined" and has a home directory /home/confined (in 3000fs). This user should only be visible when you're in 3000fs's special shell. (If you run id when you regularly log in as student to your VM, there should be no user confined.) Make sure you can run "login confined" and be logged in as the user confined. Confirm this by running whoami.
  10. [2] How can you mount the main root filesystem inside of the confined environment? What does this say about the security properties of a chroot'd environment?
  11. [4 EC] Make sshd work inside of the confined environment, listening in on port 2222. You should be able to ssh via localhost into the confined environment. (Outside access probably won't be possible due to restrictions on openstack. Note that I haven't gotten this working yet!) Rather than use openssh as ubuntu uses by default, you may want to try dropbear. Don't install it on the VM using apt, though, as that could mess up regular ssh access.

Code

3000makefs.sh

 1 #!/bin/bash
 2 
 3 # 3000makefs.sh
 4 #
 5 # setup a simple chrooted environment in a new
 6 # filesystem (created in a local file)
 7 #
 8 # Initial version by Anil Somayaji
 9 # created November 12, 2021
10 #
11 
12 MP='3000fs'
13 IMAGE='3000fsimage'
14 BLOCKS=100000
15 SETUP='3000setupfs.sh'
16 
17 if [ $UID != 0 ]; then
18     echo "Please run this script as root."
19     exit
20 fi
21 
22 rm -f $IMAGE
23 dd if=/dev/zero of=$IMAGE bs=4096 count=$BLOCKS
24 mkfs.ext4 $IMAGE
25 
26 if [ -d $MP ]; then
27     umount -q $MP/proc
28     umount -q $MP
29     rm -rf $MP
30 fi
31 
32 mkdir $MP
33 mount $IMAGE $MP
34 cd $MP
35 
36 mkdir bin sbin usr usr/bin usr/sbin etc proc sys dev root home lib \
37       usr/lib  lib64 tmp var var/tmp var/lib run lib/terminfo
38 cp /usr/bin/busybox usr/bin
39 
40 cp /bin/bash bin
41 cp /lib64/ld-linux-x86-64.so.2 lib64
42 cp /sbin/ldconfig* sbin
43 cp -a /etc/ld.so.conf* etc
44 
45 cp `ldd /bin/bash | awk '{print $3}'` lib
46 
47 chmod 1777 tmp var/tmp
48 
49 cp -a /etc/passwd /etc/shadow /etc/group /etc/gshadow etc
50 
51 TERMDIR=${TERM:0:1}
52 mkdir lib/terminfo/$TERMDIR
53 cp /lib/terminfo/$TERMDIR/$TERM lib/terminfo/$TERMDIR/$TERM
54 
55 echo '#!/usr/bin/busybox sh' > $SETUP
56 echo '/usr/bin/busybox --install -s' >> $SETUP
57 echo '/sbin/ldconfig' >> $SETUP
58 echo 'mount -t proc proc /proc' >> $SETUP
59 echo 'mount -t devtmpfs udev /dev' >> $SETUP
60 
61 chmod 0755 $SETUP
62 chroot . /$SETUP
63 rm $SETUP
64 chroot .

Solutions

Assignment 3 solutions