Difference between revisions of "Computer Systems Security: Winter 2018 Experiences"

From Soma-notes
Revision as of 17:39, 23 January 2018

Doing

Replacement passwd program

Try to write a replacement for the passwd program that is standard on most UNIX-like systems (such as most Linux distributions). Your program can be written in any language; if you write it in a scripting language, however, you may have to use a C wrapper in order to make it work as setuid root.

Creating a properly hashed password may be tricky; as a stepping stone towards passwd, try writing chsh (change shell) or chfn (change finger information).

You only need to provide basic functionality. The only command line argument your program must take is an optional username. Note that your passwd program should only allow root to change an arbitrary user's password; otherwise, it should only allow changing of the password for the current user.

Optionally, try to drop all unnecessary privileges. You may need to install libcap (libcap-dev on Debian/Ubuntu systems) so you can use cap_get_proc() and cap_set_proc().
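
The access rule above (root may change any account, everyone else only their own) as an added C example; it is not code from the course page. The function and constant names are hypothetical, and the sketch covers only target resolution and authorization, not hashing or writing the password file.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names for this example; not from the course page. */
enum { REQ_OK = 0, REQ_NO_SUCH_USER = -1, REQ_DENIED = -2 };

/* Policy from the exercise: root may change any account, everyone else
 * only their own. The caller must pass the REAL uid: in a setuid-root
 * binary geteuid() is 0 for every caller, so it cannot tell users apart. */
int may_change(uid_t real_uid, uid_t target_uid)
{
    return real_uid == 0 || real_uid == target_uid;
}

/* Resolve the optional username argument (NULL means "current user")
 * and apply the policy. On success the target uid is stored in *out. */
int resolve_target(uid_t real_uid, const char *username, uid_t *out)
{
    /* getpwnam/getpwuid return static storage, so copy what we need. */
    const struct passwd *pw = username ? getpwnam(username)
                                       : getpwuid(real_uid);
    if (pw == NULL)
        return REQ_NO_SUCH_USER;
    if (!may_change(real_uid, pw->pw_uid))
        return REQ_DENIED;
    if (out != NULL)
        *out = pw->pw_uid;
    return REQ_OK;
}

int main(int argc, char **argv)
{
    uid_t target = 0;
    if (argc > 2) {
        fprintf(stderr, "usage: %s [username]\n", argv[0]);
        return 2;
    }
    int rc = resolve_target(getuid(), argc == 2 ? argv[1] : NULL, &target);
    if (rc != REQ_OK) {
        fprintf(stderr, "%s: %s\n", argv[0],
                rc == REQ_DENIED ? "permission denied" : "unknown user");
        return 1;
    }
    printf("authorized to modify uid %lu\n", (unsigned long)target);
    return 0;
}
```
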

Controlling network access

   What privileges are required for networking?
       Which operations require higher privileges?
       At first glance, the distinction may seem simple (users can use the network, root can modify it).
           However, it is more complex. Can an application set up a connection to a new wifi access point?


Reading

Foundational Security Papers 1