Assignment 5, solutions
Part of the homework for 22C:169, Spring 2007
    #!/bin/tcsh
    # fib arg
    # outputs the arg'th fibonacci number
    if ($argv <= 1) then
        echo $argv
    else
        @ m1 = $argv - 1
        @ m2 = $argv - 2
        @ return = `fib $m1` + `fib $m2`
        echo $return
    endif
The Problem: Explain why this script is or is not vulnerable to a path aliasing attack, that is, vulnerable to an attack by redefinition of the $PATH variable. (1 point)
The script is vulnerable because of the presence of the command "echo", which is susceptible to a path aliasing attack. Rewriting it as /bin/echo would eliminate this vulnerability.
a) What access rights should the directory have to prevent users from listing that directory while permitting web browsers to open the file? The owner must, of course, keep full access to the directory. (1/2 point)
drwx-----x (The group is irrelevant).
b) What access rights should the file have to allow users to list that file (perhaps with a web browser), while the owner retains the right to edit the file? (1/2 point)
rw----r-- (The group is irrelevant).
c) Given that the web server itself operates in group apache, what group ownership and access rights should be used so that the file mentioned above is accessible from the web but is not accessible to members of the general public? The answer here is a modification of the answer to part b. (1 point)
The group ownership is apache.
rw-r-----.
d) What problem does your answer to part c pose? Consider who can set the group ID of the file, who needs to set the group ID of the file and how this might stand in the way of using the solution. (1 point)
The problem is, since the owner 'jones' is not a member of the group apache, he cannot set his file to have these access rights.
The following scenario shows the possibility for the situation mentioned in the question.
Suppose the owner is akampoow and the file is /users/akampoow/myfiles/noaccess.txt; the rights on this file are rwx------
Now, the user jones executes the following command:
ln /users/akampoow/myfiles/noaccess.txt /users/jones/new
This creates a hard link to noaccess.txt from the home directory for jones. The rights on the directory /users/jones are rwx------
Now, the user akampoow executes the command
rm /users/akampoow/myfiles/noaccess.txt
At this point, the file exists in the directory /users/jones but the user jones cannot access the file because the file access rights prevent any access by users other than akampoow. The user akampoow cannot access the file because the only link to that file is from /users/jones and that directory can only be used by the user jones.
Note that there is no way for akampoow to regain access to this file without the cooperation of the user jones, nor can jones gain access without first allowing akampoow to regain access to this file.
(The simpler scenario where akampoow sets the access rights to --------- is trivial and uninteresting because akampoow can trivially regain access by unilateral actions.)
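The link mechanics behind the scenario above, as an added example that is not part of the original solutions: a single-user replay in a scratch directory, where the akampoow/ and jones/ directories are constructed stand-ins for the two home directories. It assumes the usual `ls -il` column order (inode, mode, link count).

```sh
#!/bin/sh
# Added example: single-user replay of the hard-link scenario above.
# The akampoow/ and jones/ directories are constructed stand-ins created
# under a temporary directory; nothing outside it is touched.

# Print "<mode> <link count> <inode>" for a path.
# Assumes the usual `ls -il` column order: inode, mode, link count.
# substr() drops the ACL/SELinux marker some systems append to the mode.
file_info() {
    ls -ild "$1" | awk '{ print substr($2, 1, 10), $3, $1 }'
}

# Replay the steps and print one line per step.
hardlink_scenario() {
    top=$(mktemp -d) || return 1
    mkdir -p "$top/akampoow/myfiles" "$top/jones"
    echo "private data" > "$top/akampoow/myfiles/noaccess.txt"
    chmod 700 "$top/akampoow/myfiles/noaccess.txt"    # rwx------
    chmod 700 "$top/jones"                            # rwx------

    # jones: ln /users/akampoow/myfiles/noaccess.txt /users/jones/new
    ln "$top/akampoow/myfiles/noaccess.txt" "$top/jones/new"
    echo "after-ln $(file_info "$top/jones/new")"

    # akampoow: rm /users/akampoow/myfiles/noaccess.txt
    rm "$top/akampoow/myfiles/noaccess.txt"
    echo "after-rm $(file_info "$top/jones/new")"

    rm -rf "$top"
}

hardlink_scenario
```

The two output lines differ only in link count (2, then 1): `rm` removed one name, while the inode and its rwx------ mode live on under the remaining link. On Linux systems with fs.protected_hardlinks enabled, the `ln` step of the two-user scenario is refused unless jones owns the file or has read and write access to it.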