Sunday, December 1, 2019
Lab #1 free essay sample
For the investigation purpose, Eyal needs to be able to read all the files in the companyââ¬â¢s Unix system; on the other hand, to protect the integrity of the system, Eyal should not be able to modify any file. To achieve this goal, Ron, the superuser of the system, wrote a special set-root-uid program (see below), and then gave the executable permission to Eyal. This program requires Eyal to type a file name at the command line, and then it will run /bin/cat to display the specified file. Since the program is running as a root, it can display any file Eyal specifies. However, since the program has no write operations, Ron is very sure that Eyal cannot use this special program to modify any file. â⬠¢ Set q = 0 in the program. This way, the program will use system() to invoke the command. Is this program safe? If you were Eyal, can you compromise the integrity of the system? For example, can you remove any file that is not writable to you? (Hint: remember that system() actually invokes /bin/sh, and then runs the command within the shell environment. We will write a custom essay sample on Lab #1 or any similar topic specifically for you Do Not WasteYour Time HIRE WRITER Only 13.90 / page We have tried the environment variable in the previous task; here let us try a different attack.Please pay attention to the special characters used in a normal shell environment). â⬠¢ Set q = 1 in the program. This way, the program will use execve() to invoke the command. Are your attacks in task (a) still work? Please describe and explain your observations. 6) Relinquishing privileges and cleanup. To be more secure, Set-UID programs usually call setuid() system call to permanently relinquish their root privileges. However, sometimes, this is not enough. Compile the following program, and make the program a set-root-uid program. Run it in a normal user account, and describe what you have observed. Will the file /etc/zzz be modified?Please explain your observation. Advanced Set-uid security If your program must run setuid or setgid, make sure to use the privileges properly so that an attacker cannot exploit other possible vulnerabilities in your program and gain these additional privileges. You should perform whatever work requires the additional privileges as early in the program as possible, and you should drop the extra privileges immediately after that work is done. While many programmers may be aware of the need to drop privileges, many more are not. Worse, those who do know to drop privileges rarely know how to do so properly and securely.Dropping privileges is tricky business because the semantics of the system calls to manipulate IDs for setuid/setgid vary from one Unix variant to anotherââ¬âsometimes only slightly, but often just enough to make the code that works on one system fail on another. On modern Unix systems, the extra privileges resulting from using the setuid or setgid bits on an executable can be dropped either temporarily or permanently. It is best if your program can do what it needs to with elevated privileges, then drop those privileges permanently, but thats not always possible.If you must be able to restore the extra privileges, you will need to be especially careful in your program to do everything possible to prevent an attacker from being able to take control of those privileges. We strongly advise against dropping privileges only temporarily. You should do everything possible to design your program such that it can drop privileges permanently as quickly as possible. We do recognize that its not always possible to doââ¬âthe Unix passwd command is a perfect example: the last thing it does is use its extra privileges to write the new password to the password file, and it cannot do it any sooner.Data Type: uid_t This is an integer data type used to represent user IDs. In the GNU library, this is an alias for unsigned int. Data Type: gid_t This is an integer data type used to represent group IDs. In the GNU library, this is an alias for unsigned int. Function: uid_t getuid (void) The getuid function returns the real user ID of the process. Function: gid_t getgid (void) The getgid function returns the real group ID of the process. Function: uid_t geteuid (void) The geteuid function returns the effective user ID of the process. Function: gid_t getegid (void) The getegid function returns the effective group ID of the process.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.