Information Assurance
Spring, 2003
Project 3
Password Processing
Due March 18, 2003, prior to class
For this assignment, you will be writing a program that provides
password access to a file on a Unix system.
We have seen that Unix uses the suid bit on files to
provide a method of changing domains. Programs that need to run at a
privilege level that is higher than that of an individual user are
often owned by root and have the suid bit set, so
that when they run, they run with root's privilege level. It
is possible for others to provide access to their user domain using
suid programs as well.
For this project, what you are going to do is write a suid
program that will allow others to access a file in your account on a
Unix system.
- Your program should be named <user_name>.exe.
Even though Unix ignores the .exe suffix, we will use that to
identify which is the executable.
- It should read a password from a user who runs the program.
- If the password is valid, print the contents of an existing file
named <user_name>.txt.
- Your program will also log who accessed <user_name>.txt
in another file named <user_name>.log.
- Rather than have a single password for file access, you will have
separate passwords that can be issued to different possible users.
- You can use only passwords as identifiers, or you can assign each
user a name at your discretion.
- Provide a mechanism for adding and removing users who may access
the file. This does not have to be fancy, and can be part of your suid
program, or can be some simple mechanism like hand-editing a
configuration file.
- If you use a configuration file, it should be named <user_name>.cfg.
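The logging requirement depends on the domain change described above: under suid the effective UID becomes the file owner's, while the real UID still identifies whoever ran the program, so the log should key on getuid() rather than on caller-controlled values such as environment variables. The C sketch below is an added example, not part of the original handout and not a solution to the project; its function names and log line layout are assumptions made for illustration.

```c
/* Added example, not part of the assignment handout. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

/* 1 if the mode word carries the set-user-ID bit, else 0. */
int mode_has_suid(mode_t mode) { return (mode & S_ISUID) ? 1 : 0; }

/* 1 or 0 for an existing file, -1 if it cannot be stat'ed. */
int file_has_suid(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return mode_has_suid(st.st_mode);
}

/* Under suid the real UID is the invoker and the effective UID is the owner. */
int domain_changed(uid_t real_uid, uid_t effective_uid)
{
    return real_uid != effective_uid;
}

/* Format one log line keyed on the real UID (layout is hypothetical).
   Returns the line length, or -1 if buf is too small. */
int format_log_entry(char *buf, size_t size, time_t when,
                     uid_t real_uid, uid_t effective_uid, int granted)
{
    struct passwd *pw = getpwuid(real_uid); /* NULL if the UID has no entry */
    int n = snprintf(buf, size, "%ld ruid=%ld(%s) euid=%ld %s\n",
                     (long)when, (long)real_uid, pw ? pw->pw_name : "unknown",
                     (long)effective_uid, granted ? "GRANTED" : "DENIED");
    return (n < 0 || (size_t)n >= size) ? -1 : n;
}

int main(int argc, char **argv)
{
    char line[256];
    (void)argc;
    printf("%s suid bit: %d\n", argv[0], file_has_suid(argv[0]));
    printf("domain changed: %d\n", domain_changed(getuid(), geteuid()));
    if (format_log_entry(line, sizeof line, time(NULL), getuid(), geteuid(), 1) > 0)
        fputs(line, stdout);
    return 0;
}
```

Run from another account against a suid copy, the program reports a changed domain and a log line naming the invoking user; after chmod -s both UIDs are the same.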
Each of you should have an account on GUSUN or CSSUN,
and you may write your program in either C or C++ on one of those
machines. I will also be providing you an account on a Unix-flavor
machine in the near future; this will probably be some Linux variant.
To test your program, you can suid it to your own name and
have some one else run it, or run it yourself from a friend's account.
If you can't find someone to test it, mail the instructor and he will
test it for you, or come by office hours.
To make your program suid:
- Make sure it is executable by doing chmod a+x <user_name>.exe
- Make it suid by doing chmod +s <user_name>.exe
See the chmod man page for more information.
When done testing it, I recommend that you unset the suid bit by
doing chmod -s <user_name>.exe. This is more secure for
the files in your account.
What to turn in:
You will mail the instructor a tar file containing the source code,
the executable, some text file to be accessed, and any configuration
files you require. Please do not send object files that are not needed.
Projects are due before class on March 18th, 2002.
References that might prove useful include:
- Advanced Programming in the UNIX Environment, by W.R.
Stevens. If it is not in the library, or if you don't have a copy, the
instructor has a reference copy he will lend for short periods of time.
Students in my OS class may also have a copy that you might borrow.
- Links to the Secure programming articles on the class web
page