Computer Systems Security: Winter 2018 Assignment 1

From Soma-notes
Revision as of 20:46, 23 January 2018 by Soma (talk | contribs) (→‎Questions)

This assignment is not yet finalized.

Please answer the following questions. Submit your answers as a text or PDF file via cuLearn by January 31, 2018 (date to be confirmed).

Questions

  1. [1] UNIX has users (UIDs) and groups (GIDs). From the kernel's perspective, users and groups are labels applied to what OS-level abstractions?
  2. [2] UNIX file permissions are grouped into three categories, user, group, and other. It it possible for the "other" category to have greater access to a file than the owner of a file? Explain with a brief example.
  3. [2] What is the difference between read and execute permission on a directory? How can you verify this is the case?
  4. [2] What is the "sticky bit"? What "attack" does the sticky bit prevent?
  5. [1] What are setuid root binaries?
  6. [1] Why are setuid root binaries important in most UNIX-like systems?
  7. [1] What is the risk of setuid root binaries? Be specific.
  8. [2] Briefly describe a potential vulnerability in a setuid root binary and how an attacker could exploit it.