-
One component of a secure system is an authentication mechanism -- the
mechanism used to determine whether the user of a resource is who the
user claims to be. For most systems in common use today, we use passwords
as our authentication mechanism. In the classic UNIX system, all user
passwords are stored in a publically readable file named /etc/passwd, where
each entry contains the following fields:
- login name
- encrypted password
- numerical user and group IDs
- public information (real name and phone number)
- initial working directory
- program to use as shell
Read about authentication in section 4.4.6, and note that the Morris Thompson
authentication method was invented to overcome serious weaknesses of the
original UNIX password scheme!
Consider the following alternative scheme for managing passwords:
Each user's home directory contains a file called .password containing the
following fields:
- encrypted password
- initial working directory
- program to use as shell
The problem, part A:
Propose an allocation of access rights such that the .password file can
only be created by the super-user, is inaccessable to the public, read-only
to the user-authentication program that runs when the user logs in, and
read-write to the user. Assume the UNIX file system is used, and assume
that the authentication program uses the user's name to find the user's
home directory through some means outside of the .password file.
The problem, part B:
Propose appropriate places to store the other information traditionally
stored in the UNIX /etc/password file/, and discuss the security implications
of any accidental disclosure of this other information.
-
The problem:
Read about covert channels (Section 4.5.5) and then propose a way to construct
such a channel under UNIX by modulating and measuring CPU utilization. Be
specific! What must the transmitting process do to send a 1? What must the
transmitting process do to send a 0? What does the receiving process do
to detect whether a 1 or a 0 was sent? For each of these, what specific
system calls would the transmitting or receiving process use to perform the
required functions?
Note: Perfect data transmission through covert channels is frequently
difficult (for example, other processes may modulate the CPU utilization in
as they perform useful computation and useful I/O). There are a class of
data communications methods known as error correcting codes that can be used
to provide any desired level of assurance that the data has been received
correctly in the presence of any level of noise. In the simplest of such
codes, every data bit is sent repeatedly and the recipient accepts the value
represented by the majority of the copies received. You may assume that
higher level software uses some such algorithm to account for noise in the
communications channel.
-
The UNIX system-call interface is obviously not object oriented, and is quite
disordered in its structure. Consider the calls used for operations on an
open file. These include read, write, lseek, ioctl, fcntl and close. Propose
a class hierarchy for open file objects that appropriately captures the fact
that not all operations are applicable to all file types, and that breaks
out the strange functions of ioctl and fcntl in appropriate ways.
-
The Problem:
Section 6.4.3 discusses deadlock recovery methods for resource deadlocks.
One of these is deadlock recovery through killing processes. In a
communicaitons deadlock, this method does not work! There is,
however, an equally simple method of breaking communicatons deadlocks.
What is it?
Hint: Consider a simple system with processes A and B each blocked awaiting
a message from the other. What can you do to unblock one process so that
it can unblock the other?