SUID Programming Part 1 - Due before class September 18th

For this assignment, you will be writing a program that provides password access to a file on the class linux system. You should use the programming skills you currently have, and avoid researching secure computing topics unless needed. Not having a secure program at this point will not adversely effect your grade; having a non-working program will.

Like unix, linux uses the suid bit on files to provide a method of changing domains. Programs that need to run at a privilege level that is higher that that of an individual user are often owned by root and have the suid bit set, so that when they run, they run with root's privilege level. It is possible for others to provide access to their user domain using suid programs as well.

You will be given multiple accounts on mclovin. The first will share your netid. The others will be called your secretid accounts. If you log into your netid account (using your go-card number as an initial password) in there will be a file named secretid. Your password for thise accounts is again your GoCard number. Don't tell anyone what your secretid is!

Please note, if you need any software or find anything missing on mclovin, please let me know and I will get it installed.

For this project, what you are going to do is write a suid program that will allow others to access a file in your secretid account on mclovin.

  • Your program should be named <secretid>.exe. Even though linux ignores the .exe suffix, we will use that to identify which is the executable.
  • It should read a password from a user who runs the program.
  • If the password is valid, print the contents of an existing file named <secretid>.txt.
  • Your program will also log who accessed <secretid>.txt in another file named <secretid>.log
  • Rather than have a single password for file access, you will have separate passwords that can be issued to different possible users.
  • User names and passwords will be stored in a configuration file named <secretid>.cfg.
  • You should put your source code in file in the same directory. Name the file <secretid>.cc. If you have multiple source files, that is fine, see below for what to turn in.
Each of you should write your program in either C or C++ on mclovin. DO NOT put your name or any other identifying information in the files you create.

To test your program, you can suid it to your own name and run it yourself. To do this,

To make your program suid:

  • Make sure it is executable by doing chmod a+x <secretid>.exe
  • Make it suid by doing chmod +s <secretid>.exe.
  • Make sure the directory is readable by chmod go+rx ~/<secretid>
See the chmod man page for more information.

Be aware that others can see your code when your secretid account is open for testing, so be careful with the permissions, and only set them when you are actively testing. When done testing it, I recommend that you unset the suid bit by doing chmod -s <secretid>.exe. This is more secure for the files in your account. I also recommend turning off access to others in your secretid account by doing chmod go-rx ~/<secretid> while testing.

What to turn in:

First, you will create a separate directory in your regular,non-secret account on mclovin named NETID-part1 where NETID is your login. Place in this directory a copy of the source code, the text file to be accessed, and any configuration files required. Do not include any object files you create.

Second, you will create a tar file of this directory using the command:

tar -cf NETID-part1.tar NETID-part1

Third, you will find the SHA-1 hash of the tar file using the command:

sha1sum NETID-part1.tar

Finally, you will email the instructor the hash generated above. It should look something like:

254ac7760422461f0a0ca9adbbe65176555281da NETID-part1.tar

Next, you will make your code available for testing by others. Do this only shortly before class. You should have the following files in your secret id account:

  • <secretid>.exe

    This file should be world readable, world executable, SUID, and not writable

  • <secretid>.cfg

    This file should be world readable but writable only by your secretid

  • <secretid>.txt

    This file should be readable only by your secretid and not writable

  • <secretid>.log

    This file should be world readable but writable only by your secretid.

  • <secretid>.cc

    This file should be world readable but not writable. If you have multiple files that is fine, but all source files and any make files should all be readable.

Projects are due before class on September 18th, 2014.