SUID Programming Part 3 - Due before class October 16, 2014
For this assignment, you will be re-writing your program that provides password access to a file on the class linux system. Please see part 1 for details on the structure and how your code should be set up when you are finished.You will send me the hash of the tar file you create, just as you did in part 1.
You have a new secret account. See the new-anon-account.txt file in your netid directory to find out what it is. Your initial password is your gocard number. You old account is likely still accessible, but is in the /home/old directory.
This time, you should use the feedback you have received as well as outside readings to improve your code. Below are suggested readings that you can follow to see if you missed anything. Some may only be accessible from campus.
- Tips on Writing SUID/SGID programs
- Writing Safe Setuid Programs
- Secure Programming for Linux and Unix HOWTO
Projects are due before class on October 16, 2014. Make things secure! After the projects are up, your classmates will be trying to get the contents of your secret text file. Note: you do not have to include the "clay" nor "AzureDiamond" account and password this time. You do have to be able to prove that your code works at any time I ask you, though, by providing a working login and password. There must be at least five working ones.
The grading of this project will be based on:
- The proper functionality of your code and the proper setting of permissions. I had to fix too many submissions myself last time. It is simple, you can run my script and then check that it worked.
- The proper submission of your hash of your tar file. Some of you did not do this correctly last time.
- The proper anonymization of your code. Your netid and name should not appear anywhere in your anon account.
- The protection of your secret text file. If anyone gets the contents, that is very bad for your grade. I'd suggest you change the contents from last time.
- The robustness and reliability of your code. If people can get your code to crash, that is bad for your grade.