Operating Systems 2021F: Assignment 3
Please submit the answers to the following questions via Brightspace by November 22 28, 2021 by 11:59 PM. There are 20 points in 10 questions (and one 4 point bonus question).
Submit your answers as a plain text file following this template. Name your answer file "<username>-comp3000-assign3.txt" (where username is your MyCarletonOne username).
Your answers will be parsed by a script in order to help with grading so please preserve the format of the template. Make sure the file remains a plain text file! No other formats will be accepted.
Don't forget to include what outside resources you used to complete each of your answers, including other students, man pages, and web resources. You do not need to list help from the instructor, TA, or information found in the textbook.
Background
In this assignment you'll be working with a "chrooted" environment. We'll create a filesystem, mount it, populate it, and then change the current root directory to it so we can use this environment as if it was a completely separate system.
This mini system is rather bare bones initially and many things won't work. You'll be studying how it is put together and figuring out how to add functionality. You should understand what every line in 3000makefs.sh does, even if there isn't a specific question about it.
Tasks/Questions
Make sure you backup any important files in your VM, as you could erase everything. You've been warned!
- [2] Download and inspect 3000makefs.sh. Is there a risk of data loss from running this script? Specifically, what commands (if any) are potentially dangerous?
- [1] Run 3000makefs.sh. After 3000makefs.sh runs, you're put in a new shell where / is now the contents of 3000fs, and you can't see anything that wasn't in 3000fs. Exiting the shell gets you back to where you were. After exiting, how do you get back to the modified environment?
- [2] Lines 55-59 of 3000makefs.sh is several echo commands. What are these lines doing? Do these lines relate to any other parts of the script?
- [2] What are lines 26-30 for? Is it missing anything? Explain briefly.
- [2] What is the largest file we can create in the confined environment (once initialized by 3000makefs.sh)? What determines this limit?
- [2] If you create files in the confined environment, does it reduce the space available outside of it? How do you know?
- [2] Many files in our confined environment are symbolic links. How did these files get created? Why are they symbolic links and not regular files? Explain their purpose.
- [2] Copy and make nano work in the new environment. What files did you have to copy to get it to work? How did you know to copy them?
- [3] How can you add a user "confined" to 3000fs? Make sure the user also is in a new group "confined" and has a home directory /home/confined (in 3000fs). This user should only be visible when you're in 3000fs's special shell. (If you run id when you regularly log in as student to your VM, there should be no user confined.) Make sure you can run "login confined" and be logged in as the user confined. Confirm this by running whoami.
- [2] How can you mount the main root filesystem inside of the confined environment? What does this say about the security properties of a chroot'd environment?
- [4 EC] Make sshd work inside of the confined environment, listening in on port 2222. You should be able to ssh via localhost into the confined environment. (Outside access probably won't be possible due to restrictions on openstack. Note that I haven't gotten this working yet!) Rather than use openssh as ubuntu uses by default, you may want to try dropbear. Don't install it on the VM using apt, though, as that could mess up regular ssh access.
Code
3000makefs.sh
#!/bin/bash
# 3000makefs.sh
#
# setup a simple chrooted environment in a new
# filesystem (created in a local file)
#
# Initial version by Anil Somayaji
# created November 12, 2021
#
MP='3000fs'
IMAGE='3000fsimage'
BLOCKS=100000
SETUP='3000setupfs.sh'
if [ $UID != 0 ]; then
echo "Please run this script as root."
exit
fi
rm -f $IMAGE
dd if=/dev/zero of=$IMAGE bs=4096 count=$BLOCKS
mkfs.ext4 $IMAGE
if [ -d $MP ]; then
umount -q $MP/proc
umount -q $MP
rm -rf $MP
fi
mkdir $MP
mount $IMAGE $MP
cd $MP
mkdir bin sbin usr usr/bin usr/sbin etc proc sys dev root home lib \
usr/lib lib64 tmp var var/tmp var/lib run lib/terminfo
cp /usr/bin/busybox usr/bin
cp /bin/bash bin
cp /lib64/ld-linux-x86-64.so.2 lib64
cp /sbin/ldconfig* sbin
cp -a /etc/ld.so.conf* etc
cp `ldd /bin/bash | awk '{print $3}'` lib
chmod 1777 tmp var/tmp
cp -a /etc/passwd /etc/shadow /etc/group /etc/gshadow etc
TERMDIR=${TERM:0:1}
mkdir lib/terminfo/$TERMDIR
cp /lib/terminfo/$TERMDIR/$TERM lib/terminfo/$TERMDIR/$TERM
echo '#!/usr/bin/busybox sh' > $SETUP
echo '/usr/bin/busybox --install -s' >> $SETUP
echo '/sbin/ldconfig' >> $SETUP
echo 'mount -t proc proc /proc' >> $SETUP
echo 'mount -t devtmpfs udev /dev' >> $SETUP
chmod 0755 $SETUP
chroot . /$SETUP
rm $SETUP
chroot .