Information Assurance |
Clay Shields |
Information Assurance |
You have already written a program that provides password access to a file on the class linux system. Now you are going to revise your project, taking into account the things we are learning about secure programming. You should definitely be checking to make sure that your programs are secure against buffer overflows and other malicious input. The goals again are the same, but you will be graded on the security of your program. I will be installing a static analysis tool that will help you audit your code; I will send mail to the class when I have finished doing so. Write a secure suid program that will allow others to access a file in your account on ia-class.
To test your program, you can suid it to your own name and run it yourself from your secretid account. To make your program suid:
When done testing it, I recommend that you unset the suid bit by doing chmod -s <user_name>.exe. This is more secure for the files in your account. What to turn in: First, you will create a separate directory in your account on ia-class named NETID-project3 where NETID is your login. Place in this directory a copy of the source code, the executable, the text file to be accessed, and any configuration files required. Do not include any object files you create. Second, You will mail the instructor a tar file of this directory. You can create this by using the command: tar -cf NETID.tar NETID-project3 Projects are due before class on March 27, 2006. |