11.12 Identify several concerns associated with the use of environment variables by shell scripts.
Environment variables are a collection of string values that each process inherits from its parent and that can affect the way a running process behaves. The operating system includes these in the process's memory when it is constructed. Well-known environment variables include PATH, which specifies the set of directories to search for any given command; IFS, which specifies the word boundaries in a shell script; and LD_LIBRARY_PATH, which specifies the list of directories to search for dynamically loadable libraries. All of these have been used to attack programs, and especially privileged shell scripts. The attacker changes the values of one or more of these, then calls a script running with other (higher) privileges, which is then "tricked" into running a program or loading a library of the attacker's choice as a result.

11.13 Define the principle of least privilege.
The principle of least privilege states that programs should execute with the least amount of privileges needed to complete their function.

11.14 Identify several issues associated with the correct creation and use of a lockfile.
There are several issues associated with the correct creation and use of a lockfile. Firstly, it is purely advisory, since all programs using this form of synchronization must cooperate. A more serious flaw can occur in its implementation if it fails to atomically both check that the lockfile does not exist and then create it.

11.15 Identify several issues associated with the correct creation and use of a temporary file in a shared directory.
There are several issues associated with the correct creation and use of a temporary file in a shared directory, as such files must be both unique and not accessed by other processes. An attacker may attempt to guess the temporary filename a privileged program will use, and then attempt to create their own version in the interval between the program checking that the file does not exist and subsequently creating it. Secure temporary file creation and use requires a random temporary filename, with its checking and creation done using an atomic system primitive, similar to the creation of a lockfile.

11.16 List some problems that may result from a program sending unvalidated input from one user to another user.
Problems may result from a program sending unvalidated input from one user to another user if the output does not conform to the expected form and interpretation by the recipient. A program may accept input from one user, save it, and subsequently display it to another user. If this input contains content that alters the behavior of the program or device displaying this data,
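The atomic check-and-create step that answers 11.14 and 11.15 call for, as an added example that is not part of the original text: C using the POSIX calls open() with O_CREAT|O_EXCL for the lockfile and mkstemp() for the temporary file. The function names, the `demo.XXXXXX` template and the `/tmp/demo.lock` path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* O_CREAT|O_EXCL makes "check it is absent" and "create it" one kernel
 * operation; it also fails with EEXIST if a symlink was planted at path. */
int acquire_lock(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;          /* errno == EEXIST: lock already held */
    char pid[32];
    int n = snprintf(pid, sizeof pid, "%ld\n", (long)getpid());
    if (write(fd, pid, (size_t)n) != n) {   /* record the owner's PID */
        close(fd); unlink(path);
        return -1;
    }
    return fd;
}

void release_lock(const char *path, int fd)
{
    close(fd);
    unlink(path);
}

/* mkstemp() picks an unpredictable name and opens it with O_EXCL, mode 0600,
 * so a guessed or pre-created name cannot win. Chosen name is left in out. */
int make_temp(const char *dir, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/demo.XXXXXX", dir);
    if (n < 0 || (size_t)n >= outlen) return -1;
    return mkstemp(out);
}

int main(void)
{
    char name[64];
    int lock = acquire_lock("/tmp/demo.lock");   /* constructed sample path */
    int tmp = lock < 0 ? -1 : make_temp("/tmp", name, sizeof name);
    if (tmp >= 0) { printf("temp file: %s\n", name); close(tmp); unlink(name); }
    if (lock >= 0) release_lock("/tmp/demo.lock", lock);
    return tmp < 0;
}
```

The lock remains advisory, as 11.14 notes: it only protects against programs that also call `acquire_lock` on the same path.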
- Winter '15