Assignment 3, due Feb 19
Part of
the homework for 22C:169, Spring 2010
|
Always, on every assignment, please write your name legibly as it appears on your University ID and on the class list! All assignments will be due at the start of class on the day indicated (usually a Friday), and unless there is what insurance companies call "an act of God" - something outside your control; the only exceptions to this rule will be by advance arrangement.
There are two issues: how parameter types are encoded, and how the application goes about providing the encodings to the system. Here, we focus on the former. Suppose parameter types are specified as BRE POSIX regular expressions. For background, check the Wikipedia entry for Regular expression.
a) Give a regular expression that specifies a numeric parameter or explain why it cannot be done. (0.5 points)
b) Give a regular expression that specifies a Unix-style file name with slashes separating pathname components, or explain why it cannot be done. (0.5 points)
c) Give a regular expression that specifies a string where any parentheses in the string are balanced, or explain why it cannot be done. (0.5 points)
a) Which of the above schemes would help you protect a shell script from an injection attack? (0.5 points)
b) Which of the above schemes would allow the shell to offer useful error messages to an interactive user when the user makes a typo in the parameter list of an application? (0.5 points)
c) Which of the above schemes would allow applications the freedom to include variable-length argument lists? (0.5 points)
#!/bin/tcsh @ params = $#argv @ count = 1 while ($count <= $params) if ($argv[$count] == -) echo '- option encountered' else echo "normal argument" endif end
This is a skeleton for a shell script that recognizes options among its argument list and processes each of its arguments in sequence. In a real application, the echo commands would be replaced by useful application code.
a) Identify how this code could be vulnerable to an injection attack. A complete solution should include a demonstration attack that will force the script to execute an arbitrary shell command. (1.0 point)
b) Modify the script to deter the attack, and comment on whether the modification is itself vulnerable or whether there are further possible attacks. (1.0 point)