seed-capabilities.pdf


    # cd libcap_directory
    # make
    # make install

Question 3: Compile the following program, and assign the CAP_DAC_READ_SEARCH capability to the executable. Log in as a normal user and run the program. Describe and explain your observations.

(Take the function definitions from the listing below and... (see the next page))

Laboratory for Computer Security Education

    /* use_cap.c */
    #include <fcntl.h>
    #include <sys/types.h>
    #include <errno.h>
    #include <stdlib.h>
    #include <stdio.h>
    #include <linux/capability.h>
    #include <sys/capability.h>

    /* Place the function definitions from the previous page here,
       before the main() function. */

    int main(void)
    {
        if (open("/etc/shadow", O_RDONLY) < 0)
            printf("(a) Open failed\n");
        /* Question (a): is the above open successful? why? */

        if (cap_disable(CAP_DAC_READ_SEARCH) < 0) return -1;
        if (open("/etc/shadow", O_RDONLY) < 0)
            printf("(b) Open failed\n");
        /* Question (b): is the above open successful? why? */

        if (cap_enable(CAP_DAC_READ_SEARCH) < 0) return -1;
        if (open("/etc/shadow", O_RDONLY) < 0)
            printf("(c) Open failed\n");
        /* Question (c): is the above open successful? why? */

        if (cap_drop(CAP_DAC_READ_SEARCH) < 0) return -1;
        if (open("/etc/shadow", O_RDONLY) < 0)
            printf("(d) Open failed\n");
        /* Question (d): is the above open successful? why? */

        /* After the drop, cap_enable() is expected to fail. */
        if (cap_enable(CAP_DAC_READ_SEARCH) == 0) return -1;
        if (open("/etc/shadow", O_RDONLY) < 0)
            printf("(e) Open failed\n");
        /* Question (e): is the above open successful? why? */

        return 0;
    }

The program can be compiled using the following commands (note that in the second command, the second character in "-lcap" is ell, not one; it means linking the libcap library):

    $ gcc -c use_cap.c
    $ gcc -o use_cap use_cap.o -lcap

After you finish the above task, please answer the following questions:

Question 4: If we want to dynamically adjust the amount of privileges in ACL-based access control, what should we do? Compared to capabilities, which access control is more convenient to do so?

Question 5: After a program (running as normal user) disables a capability A, it is compromised by a buffer-overflow attack. The attacker successfully injects his malicious code into this program's stack space and starts to run it. Can this attacker use the capability A? What if the process deleted the capability, can the attacker use the capability?
Question 6: The same as the previous question, except replacing the buffer-overflow attack with the race condition attack. Namely, if the attacker exploits the race condition in this program, can he use the capability A if the capability is disabled? What if the capability is deleted?

4 Submission

You need to submit a detailed lab report to describe what you have done and what you have observed; you also need to provide explanation to the observations that are interesting or surprising. In your report, you need to answer all the questions listed in this lab.
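The disable/enable/drop sequence that use_cap.c exercises, as an added example that is not part of the lab handout and is not the cap_disable/cap_enable/cap_drop code from the previous page. It uses the raw capget(2)/capset(2) system calls so it builds without libcap; the function names effective_clear, effective_raise and permitted_drop are hypothetical.

```c
/* Added example, not from the lab handout; function names are hypothetical. */
#define _GNU_SOURCE /* for syscall() */
#include <linux/capability.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Read the calling thread's capability sets (v3 ABI: two 32-bit words). */
static int read_caps(struct __user_cap_header_struct *h,
                     struct __user_cap_data_struct *d)
{
    h->version = _LINUX_CAPABILITY_VERSION_3;
    h->pid = 0; /* 0 means the calling thread */
    return (int)syscall(SYS_capget, h, d);
}

/* 1 if cap is in the permitted set, 0 if not, -1 on error. */
int is_permitted(int cap)
{
    struct __user_cap_header_struct h;
    struct __user_cap_data_struct d[2];
    if (read_caps(&h, d) != 0) return -1;
    return (int)((d[cap / 32].permitted >> (cap % 32)) & 1u);
}

/* eff: 1 raises the effective bit, 0 clears it; drop != 0 also clears permitted. */
static int change(int cap, int eff, int drop)
{
    struct __user_cap_header_struct h;
    struct __user_cap_data_struct d[2];
    unsigned int bit = 1u << (cap % 32);
    if (read_caps(&h, d) != 0) return -1;
    if (eff) d[cap / 32].effective |= bit; else d[cap / 32].effective &= ~bit;
    if (drop) d[cap / 32].permitted &= ~bit;
    return syscall(SYS_capset, &h, d) == 0 ? 0 : -1;
}

int effective_clear(int cap) { return change(cap, 0, 0); } /* "disable" */
int effective_raise(int cap) { return change(cap, 1, 0); } /* "enable": EPERM unless permitted */
int permitted_drop(int cap)  { return change(cap, 0, 1); } /* "drop" */

int main(void)
{
    int c = CAP_DAC_READ_SEARCH, had = is_permitted(c);
    int dis = effective_clear(c), en1 = effective_raise(c);
    int drp = permitted_drop(c), en2 = effective_raise(c);
    printf("permitted=%d disable=%d enable=%d drop=%d enable-after-drop=%d\n",
           had, dis, en1, drp, en2);
    return 0;
}
```

Run it once as a normal user and once with the file capability assigned to the binary; only the first enable changes between the two runs, while the enable after the drop returns -1 in both.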
  • Fall '19
  • Access control list, Linux kernel, Capability-based security, Principle of least privilege, Computer Security Education
