Computers and Technology, 01.03.2021 21:50, xxkeyxx51

Alice wants to be able to share read and write access to some of her files (on a unix system) with dynamically changing sets of users. Since she is not root, she can't just construct new groups for each file, nor can she turn on the optional ACL feature available on some Linux systems. So she decides to write setuid programs that will implement ACLs for her friends. Alice designs two setuid, world-executable programs, alice-write and alice-read (e.g., programs that anyone can run as alice) that work as follows:

./alice-write IN OUT: first checks a permission file written by Alice to make sure that the ruid of the process (the calling user) is allowed to write to the file out. If so, then the program reads the file in and writes it over out.

./alice-read IN OUT: first checks a permission file written by Alice to make sure that the calling user is allowed to read the file in. If so, the program reads in and writes it to the file out.

Assume Alice has been careful in her implementation, i.e., there are no buffer overflows in alice-read and alice-write, the permission file is properly protected (uniquely named in the program and set to permission 0400), the programs accept only file paths listed in the permissions file, and permissions on Alice's files are preserved.

1. Can you find any (21) potential security problems with this approach? Describe them, no code/visuals required. (e.g., suppose Bob can read and write some of Alice's files but not others; can he use alice-write and alice-read to gain access to files he shouldn't? Are there potential attacks that could allow third parties to read/write Alice's files?) (10 points)

2. How could you change the interface (e.g., what is passed to the programs) and/or implementation (e.g., the description of the programs) of alice-write and alice-read to avoid your attacks? Describe only, no code necessary. [10 points]
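
One way to harden the copy step of alice-read as described above, given as an added example that is not part of the original question: the file covered by the permission-file check is opened as Alice, while the other argument is opened with the caller's real UID, so the kernel applies the caller's own permissions to it. The names open_as_caller, copy_to_caller_file and demo are hypothetical, and the temp files in demo are constructed for the self-check.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Open a caller-supplied path with the caller's real UID, not Alice's
 * effective UID. O_NOFOLLOW refuses a symlink as the final path component. */
int open_as_caller(const char *path, int flags, mode_t mode)
{
    uid_t alice = geteuid();
    if (seteuid(getuid()) != 0) return -1;   /* drop to the real UID */
    int fd = open(path, flags | O_NOFOLLOW | O_CLOEXEC, mode);
    int saved = errno;
    if (seteuid(alice) != 0) abort();        /* stop if the euid cannot be restored */
    errno = saved;
    return fd;
}

/* alice-read copy step: in_fd was opened as Alice after the permission-file
 * check passed; OUT is outside that check, so it is opened as the caller. */
int copy_to_caller_file(int in_fd, const char *out_path)
{
    char buf[4096]; ssize_t n;
    int out = open_as_caller(out_path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (out < 0) return -1;
    while ((n = read(in_fd, buf, sizeof buf)) > 0)
        if (write(out, buf, (size_t)n) != n) { close(out); return -1; }
    close(out);
    return n < 0 ? -1 : 0;
}

/* Constructed check on temp files: returns 0 if a plain OUT is written and
 * a symlinked OUT is refused with ELOOP. */
int demo(void)
{
    char in[] = "/tmp/acl-in-XXXXXX", out[] = "/tmp/acl-out-XXXXXX", lnk[64];
    int in_fd = mkstemp(in), tmp = mkstemp(out), rc = 0;
    if (in_fd < 0 || tmp < 0) return 1;
    close(tmp);
    if (write(in_fd, "hello", 5) != 5 || lseek(in_fd, 0, SEEK_SET) != 0) rc = 2;
    if (!rc && copy_to_caller_file(in_fd, out) != 0) rc = 3;
    snprintf(lnk, sizeof lnk, "%s.lnk", out);
    if (!rc && symlink(out, lnk) != 0) rc = 4;
    if (!rc && (copy_to_caller_file(in_fd, lnk) != -1 || errno != ELOOP)) rc = 5;
    unlink(lnk); unlink(out); unlink(in); close(in_fd);
    return rc;
}
int main(void) { return demo(); }
```

The same split applies to alice-write with the roles reversed: OUT is the file the permission file vouches for, and IN is opened as the caller.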
