Essay on Lab #1

Computer science department
Data security – Lab # 1

Lab Description
Set-UID is an important security mechanism in Unix operating systems. When a Set-UID program is run, it assumes the owner’s privileges. For example, if the program’s owner is root, then when anyone runs this program, the program gains root’s privileges during its execution. Set-UID allows us to do many interesting things, but unfortunately, it is also the culprit of many bad things. Therefore, the objective of this lab is two-fold:
• Appreciate its good side: understand why Set-UID is needed and how it is implemented.
• Be aware of its bad side: understand its potential security problems.

Lab Tasks

This is an exploration lab. Your main task is to
Since the program is running as root, it can display any file Eyal specifies. However, since the program has no write operations, Ron is very sure that Eyal cannot use this special program to modify any file.

• Set q = 0 in the program. This way, the program will use system() to invoke the command. Is this program safe? If you were Eyal, could you compromise the integrity of the system? For example, can you remove any file that is not writable by you? (Hint: remember that system() actually invokes /bin/sh, and then runs the command within the shell environment. We have tried the environment variable in the previous task; here let us try a different attack. Please pay attention to the special characters used in a normal shell environment.)
• Set q = 1 in the program. This way, the program will use execve() to invoke the command. Do your attacks in task (a) still work? Please describe and explain your observations.
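The difference between the two settings, seen from the side of someone hardening such a program, as an added example that is not part of the lab handout: a hypothetical helper show_file() runs /bin/cat through execve() with the file name as a single argv entry and a fixed environment, so no shell ever parses the name. The helper name, the /tmp path and the sample file are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Hypothetical helper (not from the lab): display a file by running
 * /bin/cat directly with execve(). Returns cat's exit status, -1 on error. */
int show_file(const char *path)
{
    /* The name is one argv entry; "--" stops cat from reading it as an option. */
    char *const argv[] = { "cat", "--", (char *)path, NULL };
    /* Fixed environment: nothing inherited from the caller reaches the child. */
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    int status;
    pid_t pid;

    fflush(NULL);                 /* avoid duplicated stdio buffers in the child */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve("/bin/cat", argv, envp);
        _exit(127);               /* reached only if execve() failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample: a file name containing ';', which a shell would
     * treat as a command separator but execve() passes through untouched. */
    const char *name = "/tmp/setuid_lab_report;v2.txt";
    FILE *f = fopen(name, "w");
    if (f == NULL)
        return 1;
    fputs("constructed sample contents\n", f);
    fclose(f);

    int rc = show_file(name);     /* cat opens exactly this one file */
    printf("cat exit status: %d\n", rc);
    unlink(name);
    return rc;
}
```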

6) Relinquishing privileges and cleanup. To be more secure, Set-UID programs usually call the setuid() system call to permanently relinquish their root privileges. However, sometimes, this is not enough. Compile the following program, and make the program a set-root-uid program. Run it in a normal user account, and describe what you have observed. Will the file /etc/zzz be modified? Please explain your observation.

