Access control lists (ACLs) and capabilities were discussed in the lecture on access control. This question asks you to make some comparisons between these two approaches. Assume you have n users, named Alice, Bob, Carol, David, ... Xavier, Yves, Zena, ... and m files.
Suppose that UNIX user A (not root) starts program B which execs program C. Assume that the file containing program B does not have the setuid or setgid bits set. However, the file containing program C has the setuid bit set and the owner of the file is D. What are the real user id (RUID), effective user id (EUID), and saved user id (SUID) of program B and program C? If D is not root, then what changes can program C make to its RUID and EUID? Just list the set of possible values for each; do not describe all the possible system calls for all the different versions of UNIX. If D is root, what changes can be made? Explain why the designers of program C might use system calls to change the user id if D is root.
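The following is an added worked example, not part of the problem set: a small Python model of the POSIX/Linux rules that govern the RUID/EUID/SUID triple across exec() and the setuid()/seteuid() calls. The numeric uids (1000 for A, 2000 for D) are constructed sample values; the rules encoded are those documented in setuid(2) and seteuid(2) on Linux.

```python
# Added example (not from the problem set): model of the uid triple across exec()
# and setuid()/seteuid(), following the Linux man pages. Uids are constructed values.
from dataclasses import dataclass


@dataclass
class Cred:
    ruid: int
    euid: int
    suid: int


def exec_file(before: Cred, owner: int, setuid_bit: bool) -> Cred:
    """Credentials after exec(): RUID is kept; EUID becomes the file owner only when
    the setuid bit is set; the saved uid is copied from the new EUID (POSIX exec)."""
    euid = owner if setuid_bit else before.euid
    return Cred(ruid=before.ruid, euid=euid, suid=euid)


def setuid(c: Cred, uid: int) -> bool:
    """setuid(2): a process with EUID 0 sets all three ids (no way back);
    an unprivileged process may change EUID only, and only to its RUID or saved uid.
    Returns True on success, False where the real call fails with EPERM."""
    if c.euid == 0:
        c.ruid = c.euid = c.suid = uid
        return True
    if uid in (c.ruid, c.suid):
        c.euid = uid
        return True
    return False


def seteuid(c: Cred, uid: int) -> bool:
    """seteuid(2): root may pick any EUID; others may pick RUID, EUID or saved uid."""
    if c.euid == 0 or uid in (c.ruid, c.euid, c.suid):
        c.euid = uid
        return True
    return False


A, D = 1000, 2000  # constructed uids for user A and file owner D


def run_scenario(owner_of_c: int):
    """A runs B (no setuid bit, so B is owned by anyone; A used here), then B execs C
    (setuid bit set, owned by owner_of_c). Returns the credentials of B and of C."""
    b = exec_file(Cred(A, A, A), owner=A, setuid_bit=False)
    c = exec_file(b, owner=owner_of_c, setuid_bit=True)
    return b, c


if __name__ == "__main__":
    for owner in (D, 0):
        b, c = run_scenario(owner)
        print(f"owner of C = {owner}: B = {b}, C = {c}")
```

Calling `setuid` on the credentials returned for the two owners shows the asymmetry the question is driving at: an unprivileged program can only toggle its EUID between its real and saved ids, while a root-owned setuid program that calls setuid() with a non-zero uid changes all three ids at once and cannot regain root afterwards.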
Faq-O-Matic is a CGI-based system that automates the process of maintaining a FAQ (Frequently Asked Questions list). Among other features, this software allows visitors to your FAQ to take part in keeping it up-to-date. A Faq-O-Matic web site has numbered pages, with a URL of the form http://www.website.net/cgi-bin/faqomatic/fom?file=10 taking the visitor to page 10. If a browser attempts to retrieve a page http://www.website.net/cgi-bin/faqomatic/fom?file=n and there is no page named n.html, then Faq-O-Matic will return HTML to the browser that contains the error message There is no page n. Explain some attacks that could be carried out using Faq-O-Matic (as it is described here), either against a FAQ managed using Faq-O-Matic, or against a user of such a site. Be as specific as you can about what you send to Faq-O-Matic, what you post to an unsuspecting user, and so on.
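As an added example (not Faq-O-Matic's own code), the two ways the "There is no page n" response can be built. The raw version copies the request parameter into the HTML as described above; the hardened version HTML-encodes it first, which is the fix a maintainer would apply. The URL and the `<b>` fragment used as a probe are constructed values.

```python
# Added example (not from the problem set and not Faq-O-Matic's code): rendering the
# error message with and without output encoding of the untrusted page number.
from html import escape
from urllib.parse import parse_qs, urlparse


def page_param(url: str) -> str:
    """Extract the 'file' query parameter as a CGI script would receive it (URL-decoded)."""
    qs = parse_qs(urlparse(url).query, keep_blank_values=True)
    return qs.get("file", [""])[0]


def error_page_raw(n: str) -> str:
    """As described on the page: the parameter is interpolated into the markup unchanged,
    so any tags it carries are parsed by the visitor's browser."""
    return f"<html><body>There is no page {n}</body></html>"


def error_page_safe(n: str) -> str:
    """Hardened: HTML-encode the value so '<', '>', '&' and quotes become inert text."""
    return f"<html><body>There is no page {escape(n, quote=True)}</body></html>"


def survives_verbatim(fragment: str, html: str) -> bool:
    """True when the untrusted fragment appears unchanged inside the response body."""
    return fragment in html


if __name__ == "__main__":
    # Constructed request: the page number carries a harmless <b> tag, percent-encoded
    # the way a browser would send it.
    url = "http://www.website.net/cgi-bin/faqomatic/fom?file=%3Cb%3Ebold%3C%2Fb%3E"
    n = page_param(url)
    print(error_page_raw(n))
    print(error_page_safe(n))
```

The point to take from the hardened version is that encoding happens at the moment the value is written into HTML, not at input time, so it holds regardless of how the parameter reached the script.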
Suppose you are the security administrator for a popular web site. You are aware that the developers who wrote the code for the site were not security conscious. As a first step you decide to defend against SQL injection attacks. What would you do?
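As an added example (not from the problem set), the change an administrator would push into the code base first: replace string-built SQL with bound parameters. It runs against a constructed in-memory SQLite table; the probe string is the standard tautology used to show the difference between the two query styles.

```python
# Added example (not from the problem set): string-built SQL beside the parameterized
# form, demonstrated on a constructed in-memory SQLite table.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users with placeholder e-mail addresses."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, email TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")],
    )
    return con


def lookup_vulnerable(con: sqlite3.Connection, name: str) -> list:
    """String-built SQL: the input becomes part of the statement's grammar."""
    sql = f"SELECT email FROM users WHERE name = '{name}'"
    return [row[0] for row in con.execute(sql)]


def lookup_parameterized(con: sqlite3.Connection, name: str) -> list:
    """Bound parameter: the driver sends the input as a value, never as SQL text,
    whatever characters it contains."""
    return [row[0] for row in con.execute("SELECT email FROM users WHERE name = ?", (name,))]


if __name__ == "__main__":
    con = make_db()
    probe = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(con, probe))
    print("parameterized:", lookup_parameterized(con, probe))
```

Parameterization is the code-level fix; on the operations side the same administrator would pair it with a database account that has only the privileges the site needs and with logging of failed queries, so that the remaining string-built statements can be found and retired.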
Recall that in the EFS encrypting file system, every file F is encrypted using a file key KF which is in turn encrypted using the user's public key. User A gives user B access to the file by adding an encryption of KF under B's public key to the file meta-data.
Suppose you maintain a file server and perform a regularly-scheduled virus scan of all files on the server. Users of the server decide to protect some of their files using an encrypted file system. What problem does this present? Describe how you would solve this problem for CFS and for EFS. Explain the relative advantages and disadvantages of each file system in this situation.
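As an added example covering the EFS description above and the scanner scenario, not part of the problem set and not Windows EFS code: a model of per-file metadata in which the file key KF is stored once per authorised principal, so that granting access (to user B, or to a virus scanner) means adding one more wrapped copy of KF. Public-key encryption is replaced by a labelled stand-in, a SHA-256-derived keystream XORed over KF with a per-principal secret, so the same secret both wraps and unwraps here, where real EFS would use the public half to wrap and the private half to unwrap. All keys and file contents are constructed.

```python
# Added example (not from the problem set, not EFS code): EFS-style key entries per
# principal, with a toy stream cipher standing in for both RSA key wrapping and the
# file's symmetric encryption. Keys and content are constructed sample values.
import hashlib
import os


def keystream(key: bytes, n: int) -> bytes:
    """Expand a key into n bytes: SHA-256(key || counter) blocks, concatenated."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def xor_stream(data: bytes, key: bytes) -> bytes:
    """Toy stream cipher; applying it twice with the same key restores the data."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def wrap_key(principal_key: bytes, kf: bytes) -> bytes:
    """Stand-in for encrypting KF under a principal's public key (symmetric here,
    so a wrong key yields garbage rather than a failed unwrap as RSA would)."""
    return xor_stream(kf, b"wrap|" + principal_key)


unwrap_key = wrap_key  # same XOR operation recovers KF


class EfsFile:
    """One encrypted file: ciphertext plus a table of KF wrapped per authorised principal."""

    def __init__(self, owner: str, owner_key: bytes, content: bytes):
        kf = os.urandom(32)                               # fresh file key KF
        self.entries = {owner: wrap_key(owner_key, kf)}   # who can recover KF
        self.ciphertext = xor_stream(content, b"data|" + kf)

    def file_key(self, who: str, key: bytes) -> bytes:
        if who not in self.entries:
            raise PermissionError(f"{who} has no key entry for this file")
        return unwrap_key(key, self.entries[who])

    def read(self, who: str, key: bytes) -> bytes:
        return xor_stream(self.ciphertext, b"data|" + self.file_key(who, key))

    def grant(self, granter: str, granter_key: bytes, grantee: str, grantee_key: bytes) -> None:
        """A gives B access: recover KF with A's key, add a copy wrapped for B."""
        kf = self.file_key(granter, granter_key)
        self.entries[grantee] = wrap_key(grantee_key, kf)


def can_read(f: EfsFile, who: str, key: bytes) -> bool:
    try:
        f.read(who, key)
        return True
    except PermissionError:
        return False


def scan(f: EfsFile, scanner_key: bytes, signature: bytes) -> bool:
    """The scanner's check: it sees plaintext only when it holds a key entry."""
    return signature in f.read("scanner", scanner_key)


if __name__ == "__main__":
    alice_key, scanner_key = b"A" * 32, b"S" * 32   # constructed per-principal keys
    f = EfsFile("Alice", alice_key, b"quarterly report, clean")
    print("scanner before grant:", can_read(f, "scanner", scanner_key))
    f.grant("Alice", alice_key, "scanner", scanner_key)
    print("scanner after grant:", scan(f, scanner_key, b"clean"))
```

The structure is what makes the scanner fix cheap in an EFS-style design: the owner adds the scanner as one more recipient of KF and nothing else about the file changes. A CFS-style directory, whose key is derived from the user's passphrase at attach time and is never stored per file, has no recipient table to extend, which is the contrast the question asks you to draw out.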