Difference between revisions of "Computer Systems Security: Winter 2018 Assignment 1"
Jump to navigation
Jump to search
| Line 6: | Line 6: | ||
<ol> | <ol> | ||
<li>[1] UNIX has users (UIDs) and groups (GIDs). From the kernel's perspective, users and groups are labels applied to what OS-level abstractions?</li> | |||
<li>[2] UNIX file permissions are grouped into three categories, user, group, and other. It it possible for the "other" category to have greater access to a file than the owner of a file? Explain with a brief example.</li> | |||
<li>UNIX has users (UIDs) and groups (GIDs). From the kernel's perspective, users and groups are labels applied to what OS-level abstractions?</li> | <li>[2] What is the difference between read and execute permission on a directory? How can you verify this is the case? | ||
<li>UNIX file permissions are grouped into three categories, user, group, and other. It it possible for the "other" category to have greater access to a file than the owner of a file? Explain with a brief example.</li> | <li>[2] What is the "sticky bit"? What "attack" does the sticky bit prevent? | ||
<li> | <li>[1] What are setuid root binaries?</li> | ||
<li> | <li>[1] Why are setuid root binaries important in most UNIX-like systems?</li> | ||
<li>[1] What is the risk of setuid root binaries? Be specific.</li> | |||
<li>[2] Briefly describe a potential vulnerability in a setuid root binary and how an attacker could exploit it.</li> | |||
<li>What are setuid root binaries?</li> | |||
<li>Why are setuid root binaries important in most UNIX-like systems?</li> | |||
<li>What is the risk of setuid root binaries? Be specific.</li> | |||
<li>Briefly describe a potential vulnerability in a setuid root binary and how an attacker could exploit it.</li | |||
</ol> | </ol> | ||
Revision as of 16:46, 23 January 2018
This assignment is not yet finalized.
Please answer the following questions. Submit your answers as a text or PDF file via cuLearn by January 31, 2018 (date to be confirmed).
Questions
- [1] UNIX has users (UIDs) and groups (GIDs). From the kernel's perspective, users and groups are labels applied to what OS-level abstractions?
- [2] UNIX file permissions are grouped into three categories, user, group, and other. It it possible for the "other" category to have greater access to a file than the owner of a file? Explain with a brief example.
- [2] What is the difference between read and execute permission on a directory? How can you verify this is the case?
- [2] What is the "sticky bit"? What "attack" does the sticky bit prevent?
- [1] What are setuid root binaries?
- [1] Why are setuid root binaries important in most UNIX-like systems?
- [1] What is the risk of setuid root binaries? Be specific.
- [2] Briefly describe a potential vulnerability in a setuid root binary and how an attacker could exploit it.