Assignment 5, due Feb 23

Part of the homework for 22C:169, Spring 2007
by Douglas W. Jones
THE UNIVERSITY OF IOWA Department of Computer Science

Always, on every assignment, please write your name legibly as it appears on your University ID and on the class list! All assignments will be due at the start of class on the day indicated (usually a Friday). Unless there is what insurance companies call "an act of God" (something outside your control), the only exceptions to this rule will be by advance arrangement.

  1. Background: Consider this shell script, stored in the file fibonacci and marked as an executable file:
    #/bin/tcsh
    # fib arg
    # outputs the arg'th fibonacci number
    
    if      ($argv <= 1) then
            echo $argv
    else
            @ m1 = $argv - 1
            @ m2 = $argv - 2
            @ return = `fib $m1` + `fib $m2`
            echo $return
    endif
    

    The Problem: Explain why this script is or is not vulnerable to a path aliasing attack, that is, vulnerable to an attack by redefinition of the $PATH variable. (1 point)

  2. Background: Consider the directory ~dwjones/.public-html/ and the file ~dwjones/.public-html/index.shtml.

    a) What access rights should the directory have to prevent users from listing that directory while permitting web browsers to open the file? The owner must, of course, keep full access to the directory. (1/2 point)

    b) What access rights should the file have to allow users to list that file (perhaps with a web browser), while the owner retains the right to edit the file? (1/2 point)

    c) Given that the web server itself operates in group apache, what group ownership and access rights should be used so that the file mentioned above is accessible from the web but is not accessible to members of the general public? The answer here is a modification of the answer to part b. (1 point)

    d) What problem does your answer to part c pose? Consider who can set the group ID of the file, who needs to set the group ID of the file, and how this might stand in the way of using the solution. (1 point)

  3. A Problem: Can you use the system of Unix access rights and directory structure to create a situation where the owner of a file cannot access it while some other user has a link to a file but cannot access it? State your answer by drawing the directory tree from the root to the user's directories (in /Users) and to the file, and then, for each directory and for the file itself, state access rights and file ownership that create this situation. (1 point)