Computers and Technology
Computers and Technology, 01.03.2021 21:50, xxkeyxx51

Alice wants to be able to share read and write access to some of her files (on a unix system) with dynamically changing sets of users. Since she is not root, she can't just construct new groups for each file, nor can she turn on the optional ACL feature available on some Linux systems. So she decides to write setuid programs that will implement ACLs for her friends. Alice designs two setuid, world- executable programs, alice-write and alice-read (e. g., programs that anyone can run as alice ) that work as follows: . /alice-write IN OUT: first checks a permission file written by Alice to make sure that the ruid of the process (the calling user) is allowed to write to the file out. If so, then the program reads the file in and writes it over out.
./alice-read IN OUT: first checks a permission file written by Alice to make sure that the calling user is allowed to read the file in. If so, the the program reads in and writes it to the file out. Assume Alice has been careful in her implementation, i. e., there are no buffer overflows in alice-read and alice-write, the permission file is properly protected (uniquely named in the program and set to permission 0400), the programs accept only file paths listed in the permissions file, and permissions on Alice's files are preserved.
1. Can you find any (21) potential security problems with this approach? Describe them, no code/visuals required. (e. g., suppose Bob can read and write some of Alice's files but not others; can he use alice-write and alice-read to gain access to files he shouldn't? Are there potential attacks that could allow third parties to read/write Alice's files?) (10 points)
2. How could you change interface (e. g., what is passed to the programs) and/or implementation (e. g., the description of the programs) of alice-write and alice-read to avoid your attacks? Describe only, no code necessary. [10 points]

answer
Answers: 3

Other questions on the subject: Computers and Technology

image
Computers and Technology, 22.06.2019 03:00, Emanuelle7843
Which action describes an aspect of technological design?
Answers: 1
image
Computers and Technology, 23.06.2019 02:30, jaueuxsn
Which component acts as a platform on which application software runs
Answers: 2
image
Computers and Technology, 23.06.2019 09:30, GEEKLIFE6598
After you present a proposal, the committee starts asking you questions, some beyond the strict focus of your proposal. they ask questions about implications in other fields and knowledge about other fields. you are asked to redo your proposal. what is most likely missing? breadth of material depth of material clarity of material details of material
Answers: 1
image
Computers and Technology, 24.06.2019 00:50, anthonycraig0205
3. what is the output of the following statements? temporary object1; temporary object2("rectangle", 8.5, 5); temporary object3("circle", 6, 0); temporary object4("cylinder", 6, 3.5); cout < < fixed < < showpoint < < setprecision(2); object1.print(); object2.print(); object3.print(); object4.print(); object1.set("sphere", 4.5, 0); object1.print();
Answers: 1
Do you know the correct answer?
Alice wants to be able to share read and write access to some of her files (on a unix system) with d...

Questions in other subjects:

Konu
Spanish, 25.07.2019 22:30
Konu
Computers and Technology, 25.07.2019 22:30