Operating Systems 2021F: Assignment 3
This assignment is still being developed.
Please submit the answers to the following questions via Brightspace by November 23, 2021 by 10 AM. There are ?? points in ?? questions.
Submit your answers as a plain text file following this template. Name your answer file "<username>-comp3000-assign3.txt" (where username is your MyCarletonOne username).
Your answers will be parsed by a script in order to help with grading so please preserve the format of the template. Make sure the file remains a plain text file! No other formats will be accepted.
Don't forget to include what outside resources you used to complete each of your answers, including other students, man pages, and web resources. You do not need to list help from the instructor, TA, or information found in the textbook.
Background
In this assignment you'll be working with a "chrooted" environment. We'll create a filesystem, mount it, populate it, and then change the current root directory to it so we can use this environment as if it was a completely separate system.
This mini system is rather bare bones initially and many things won't work. You'll be studying how it is put together and figuring out how to add functionality.
Tasks/Questions
Make sure you backup any important files in your VM, as you could erase everything. You've been warned!
- [2] Download and inspect 3000makefs.sh. Is there a risk of data loss from running this script? Specifically, what commands (if any) are potentially dangerous?
- [2] Run 3000makefs.sh. Note how it makes a new filesystem in a file, mounts it, and does some initialization. What command creates most of the files in the new filesystem? How do you know? (Suggestion: study each command by running them one at a time and seeing what they do.)
- [1] After 3000makefs.sh runs, you're put in a new shell where / is now the contents of 3000fs, and you can't see anything that wasn't in 3000fs. Exiting the shell gets you back to where you were. After exiting, how do you get back to the modified environment?
- [2] Note that if you run the "id" command in your new shell, it doesn't know the name of any usernames or groups. Copy files from the rest of the system into 3000fs to restore usernames and group names. What files did you copy?
- [2] Copy and make nano work in the new environment. What files did you have to copy to get it to work? How did you know to copy them?
- [2] Lines 53-57 of 3000makefs.sh is several echo commands. What are these lines doing? Do these lines relate to any other parts of the script?
- [2] What are lines 26-29 for? Is it missing anything? Explain briefly.
- [3] How can you add a user "confined" to 3000fs? Make sure the user also is in a new group "confined" and has a home directory /home/confined (in 3000fs). This user should only be visible when you're in 3000fs's special shell. (If you run id when you regularly log in as student to your VM, there should be no user confined.) Make sure you can run "su - confined" and be logged in as the user confined.
- [2] How can you mount the main root filesystem inside of the confined environment? What does this say about the security properties of a chroot'd environment?
Code
3000makefs.sh
#!/bin/bash
# 3000makefs.sh
#
# setup a simple chrooted environment in a new
# filesystem (created in a local file)
#
# Initial version by Anil Somayaji
# created November 12, 2021
#
MP='3000fs'
IMAGE='3000fsimage'
BLOCKS=100000
SETUP='3000setupfs.sh'
if [ $UID != 0 ]; then
echo "Please run this script as root."
exit
fi
rm -f $IMAGE
dd if=/dev/zero of=$IMAGE bs=4096 count=$BLOCKS
mkfs.ext4 $IMAGE
if [ -d $MP ]; then
umount -q $MP/proc
umount -q $MP
fi
rm -rf $MP
mkdir $MP
mount $IMAGE $MP
cd $MP
mkdir bin sbin usr usr/bin usr/sbin etc proc sys dev root home lib \
usr/lib lib64 tmp var var/tmp var/lib run lib/terminfo
cp /usr/bin/busybox usr/bin
cp /bin/bash bin
cp /lib64/ld-linux-x86-64.so.2 lib64
cp /sbin/ldconfig* sbin
cp -a /etc/ld.so.conf* etc
cp `ldd /bin/bash | awk '{print $3}'` lib
chmod 1777 tmp var/tmp
TERMDIR=${TERM:0:1}
mkdir lib/terminfo/$TERMDIR
cp /lib/terminfo/$TERMDIR/$TERM lib/terminfo/$TERMDIR/$TERM
echo '#!/usr/bin/busybox sh' > $SETUP
echo '/usr/bin/busybox --install -s' >> $SETUP
echo '/sbin/ldconfig' >> $SETUP
echo 'mount -t proc proc /proc' >> $SETUP
echo 'mount -t devtmpfs udev /dev' >> $SETUP
chmod 0755 $SETUP
chroot . /$SETUP
rm $SETUP
chroot .