Always, on every assignment, please write your name legibly as it appears
on your University ID and on the class list! All assignments will be due
at the start of class on the day indicated. Unless there is what
insurance companies call "an act of God" (something outside your
control), the only exceptions to this rule will be by advance arrangement.
-
Password spoofing is an old idea. In the days of timesharing systems, people
would write programs that behaved like the login prompt and leave them running
on terminals in student labs. Someone walking up to the terminal would type
in their user ID and password and then the program would harvest the password
and then give the right error message (incorrect password, try again) before
exiting, terminating the attacker's session, and allowing the real login
program to run.
a) Modern "phishing" attacks on the Internet can be viewed as a variant on this
attack. Explain how they are analogous, and explain how they differ from
this.
b) What procedural defense would you have recommended to users of such a
timesharing system to avoid being taken in by such an attack?
-
Parts of the UNIX access control mechanism for disk files resemble access
control lists, while other parts of the UNIX access control mechanism
resemble capability
lists. (Such hybrid systems are fairly common.) Think through the material
presented about the UNIX system at the start of the semester and try
to identify the parts that most resemble one or the other of these basic
models.
-
Consider the machine problem due in 2 weeks to write a new UNIX password
authenticator based on a .passwd file in each user's home directory.
Design the data format for the file, and write a program that opens this
file, extracts the data, and distributes it to internal variables in a form
that is ready for use in the system calls your program will need to execute
in order to launch the user's preferred shell. Attend to the problem of
making the file format manageable using a text editor.
Turn in a listing of your code, with sufficient documentation that someone
rewriting your program could figure out the file format.
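
An added illustration, not part of the original assignment and not a reference solution: one possible parser for a hypothetical `key=value` layout of the .passwd file. The format, the field names `hash` and `shell`, and every identifier below are assumptions; the parser rejects anything it does not recognize rather than guessing.

```c
#include <stdio.h>
#include <string.h>
/* Assumed format (hypothetical): '#' comments and blank lines are ignored;
 *   hash=<crypt(3)-style hash string>
 *   shell=<absolute path to the preferred shell>
 */
#define FIELD_MAX 256

struct passwd_rec {
    char hash[FIELD_MAX];   /* compared against the hash of the typed password */
    char shell[FIELD_MAX];  /* usable directly as the path argument to execv() */
};

/* Fill *r from fp. Returns 0 on success, -1 on any malformed input (fail closed). */
int parse_passwd(FILE *fp, struct passwd_rec *r)
{
    char line[2 * FIELD_MAX];
    memset(r, 0, sizeof *r);
    while (fgets(line, sizeof line, fp)) {
        size_t n = strcspn(line, "\r\n");
        if (line[n] == '\0' && !feof(fp)) return -1;      /* overlong line */
        line[n] = '\0';
        if (line[0] == '\0' || line[0] == '#') continue;  /* blank or comment */
        char *eq = strchr(line, '=');
        if (!eq) return -1;                               /* not key=value */
        *eq = '\0';
        char *dst = strcmp(line, "hash") == 0 ? r->hash
                  : strcmp(line, "shell") == 0 ? r->shell : NULL;
        if (!dst || dst[0] != '\0') return -1;            /* unknown or duplicate key */
        if (eq[1] == '\0' || strlen(eq + 1) >= FIELD_MAX) return -1;
        strcpy(dst, eq + 1);                              /* length checked above */
    }
    if (r->hash[0] == '\0' || r->shell[0] != '/') return -1; /* both required */
    return 0;
}

int parse_passwd_text(const char *text, struct passwd_rec *r)
{
    FILE *fp = tmpfile();            /* lets the parser run on an in-memory sample */
    if (!fp) return -1;
    fputs(text, fp);
    rewind(fp);
    int rc = parse_passwd(fp, r);
    fclose(fp);
    return rc;
}

int main(void)
{
    struct passwd_rec r;             /* constructed sample input, placeholder hash */
    if (parse_passwd_text("# demo\nhash=$6$salt$abc\nshell=/bin/sh\n", &r) == 0)
        printf("hash=%s shell=%s\n", r.hash, r.shell);
    return 0;
}
```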