Information Assurance

Clay Shields



For this assignment, you will be writing a program that provides password access to a file on the class linux system. You should use the programming skills you currently have, and avoid researching secure computing topics unless needed.

Like unix, linux uses the suid bit on files to provide a method of changing domains. Programs that need to run at a privilege level that is higher than that of an individual user are often owned by root and have the suid bit set, so that when they run, they run with root's privilege level. It is possible for others to provide access to their user domain using suid programs as well. (Check out page 145 of the text for more on suid programs).

You have been given another account on ia-class, called your secretid account. You can look in your current account, and in there will be a file named secretid. Your password for that account is again your GoCard number. Don't tell anyone what your secretid is!

For this project, what you are going to do is write a suid program that will allow others to access a file in your secretid account on ia-class.

  • Your program should be named <secretid>.exe. Even though linux ignores the .exe suffix, we will use that to identify which is the executable.
  • It should read a password from a user who runs the program.
  • If the password is valid, print the contents of an existing file named <secretid>.txt.
  • Your program will also log who accessed <secretid>.txt in another file named <secretid>.log
  • Rather than have a single password for file access, you will have separate passwords that can be issued to different possible users.
  • You can use only passwords as identifiers, or you can assign each user a name at your discretion.
  • Provide a mechanism for adding and removing users who may access the file. This does not have to be fancy, and can be part of your suid program, or can be some simple mechanism like hand-editing a configuration file.
  • If you use a configuration file, it should be named <secretid>.cfg.
Each of you should write your program in either C or C++ on ia-class. DO NOT put your name or any other identifying information in the files you create.

To test your program, you can suid it to your own name and run it yourself. To make your program suid:

  • Make sure it is executable by doing chmod a+x <secretid>.exe
  • Make it suid by doing chmod +s <secretid>.exe
  • Make sure the directory is readable by doing chmod go+rx ~/<secretid>
See the chmod man page for more information.

Be aware that others can see your code when your secretid account is open for testing, so be careful with the permissions, and only set them when you are actively testing. When done testing it, I recommend that you unset the suid bit by doing chmod -s <secretid>.exe. This is more secure for the files in your account. I also recommend turning off access to others in your secretid account by doing chmod go-rx ~/<secretid>
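The domain change a suid bit causes, and the permission state the chmod steps above leave behind, can both be read from a file's stat record. The following C code is an added example, not part of the assignment or a solution to it; the function names, the finding flags and the simplified execute check (no supplementary groups, ACLs or root override) are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Findings reported by audit_mode() (hypothetical names for this example). */
#define SUID_SET       1  /* program runs in its owner's domain */
#define OTHERS_CAN_RUN 2  /* group or other may execute it */

/* Simplified execute check: ignores supplementary groups, ACLs and root. */
int may_execute(const struct stat *st, uid_t uid, gid_t gid) {
    if (uid == st->st_uid) return (st->st_mode & S_IXUSR) != 0;
    if (gid == st->st_gid) return (st->st_mode & S_IXGRP) != 0;
    return (st->st_mode & S_IXOTH) != 0;
}

/* Effective UID the process gets at exec: the file owner's if the suid
   bit is set, otherwise the caller's. The real UID never changes, so it
   still identifies who ran the program. */
uid_t euid_after_exec(const struct stat *st, uid_t caller) {
    return (st->st_mode & S_ISUID) ? st->st_uid : caller;
}

/* Flags what is still open on a file; 0 means the suid bit is off and
   only the owner can execute it. */
int audit_mode(const struct stat *st) {
    int findings = 0;
    if (st->st_mode & S_ISUID) findings |= SUID_SET;
    if (st->st_mode & (S_IXGRP | S_IXOTH)) findings |= OTHERS_CAN_RUN;
    return findings;
}

int main(int argc, char **argv) {
    struct stat st;
    const char *path = argc > 1 ? argv[1] : argv[0];
    if (stat(path, &st) != 0) { perror(path); return 1; }
    printf("real uid %d, effective uid %d\n", (int)getuid(), (int)geteuid());
    printf("%s: owner %d, mode %04o\n", path, (int)st.st_uid,
           (unsigned)(st.st_mode & 07777));
    printf("run by this user -> euid %d, findings %d\n",
           (int)euid_after_exec(&st, getuid()), audit_mode(&st));
    return 0;
}
```

Run against a file after chmod -s and with group and other execute removed, audit_mode() reports 0.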

What to turn in:

First, you will create a separate directory in your account on ia-class named NETID-project2 where NETID is your login. Place in this directory a copy of the source code, the executable, the text file to be accessed, and any configuration files required. Do not include any object files you create.

Second, you will mail the instructor a tar file of this directory. You can create this by using the command:

tar -cf NETID.tar NETID-project2

Projects are due before class on September 29, 2009.

UPDATE: The new Hoyamail is choking on files named with an .exe extension. Do not include the executable in your tar file that you send to me.