Quiz (NIX Access Control)

Question 1

Linux (Unix) is a single-user OS. T/F

Answer 1

False. Its multiuser. Android is based on Linux.

Question 2

Goals for main security mechanisms? (2 points)

Answer 2

• Enable user separation
• Enable protection of system code from user code

Question 3

Special users running specific processes and root. T/F

Answer 3

True. For system process, root can do everything.

Question 4

To perform system-level operations, a process invokes kernel code by using system calls. T/F

Answer 4

True.

Question 5

Every running process has a ____ and ____.

Answer 5

Real user ID and effective user ID

Question 6

What is the Real User ID? (2 points)

Answer 6

• The User ID of the user who opened the program
• Formally, the Real User ID of the parent process

Question 7

What is the Effective user ID? (3 points)

Answer 7

• The User ID actually used to determine what a process can do
• Typically, User ID == Real User ID
• Formally, the Effective User ID of the parent process

Question 8

User ID is a numeric value and it has an associated user name. T/F

Answer 8

True

Question 9

The user root can do “everything”, its User ID is 1. T/F

Answer 9

False. The User ID is 0.

Question 10

Every file has an associated owner user and an associated owner group. T/F

Answer 10

True.

Question 11

Which command to use to list files and their owners?

Answer 11

ls -la

Question 12

What is the command chown used for?

Answer 12

Change owner user/group

Question 13

What is the command chmod used for?

Answer 13

Chmod changes file permissions.

Question 14

When you interact with a CLI in a Linux machine you are actually interacting with a dedicated program. T/F

Answer 14

True

Question 15

Bash creates child opens processes to run the program you specify on the command lines. T/F

Answer 15

True

Question 16

What is setuid() used for?

Answer 16

When a program is executed (./program) the real UID and the effective UID of the corresponding process is the current user (displayed by id).

Question 17

If a program is stored in a setuid file, the owner of the corresponding process will be the ___. This allows users to ____.

Answer 17

The owner of the file program; perform privileged operations, by opening setuid programs

Question 18

When a process creates a new process, the child process ____.

Answer 18

keeps the same real user ID and effective user ID of its parent process

Question 19

New processes are normally created with the ___ system calls.

Answer 19

fork/execv

Question 20

Bash runs with _______.

Answer 20

real/effective user ID of the logged in user

Question 21

If a program is stored in a setuid file, when run, the effective user ID of the executed program is equal to ___.

Answer 21

the owner of the file. The real user ID is unchanged.

Question 22

Setuid programs must check that the calling user is ____.

Answer 22

supposed to execute the requested operation

Question 23

Sudo allows to execute any command as the root user, but only if ___.

Answer 23

the correct user’s password is inserted

Question 24

Supply a value of -1 for either the real or effective user ID forces ___.

Answer 24

the system to leave that ID unchanged

Question 25

Unprivileged processes may only set ___ to the ___.

Answer 25

effective user ID; real user ID/effective user ID

Question 26

Unprivileged processes may only set ___ to the ___.

Answer 26

real user ID; the real user ID/effective user ID

Question 27

The setuid bit may be ignored in some folders if ___.

Answer 27

the filesystem is mounted with the nosuid option.

Question 28

Debugging tools use the syscall ___.

Answer 28

ptrace

Question 29

ptrace allows ___.

Answer 29

an external process to read/modify code and data of another process.

Question 30

If a program is started using ptrace, the setuid bit is ignored. T/F

Answer 30

True

Question 31

If a program passes unsanitized user input to printf, we can cause it to utilize values from the stack that were not intended as parameters printf. T/F

Answer 31

True. This allows us to leak data from the program.

Question 32

If there is a buffer on the stack that can be overflown, the control flow of the program can be hijacked. T/F

Answer 32

True

Question 33

If there is an interesting function that we want to call, we can overwrite the return address with its address. T/F

Answer 33

True

Question 34

“-z execstack” what does this do?

Answer 34

makes the stack data executable, normally it is not

Question 35

“-fno-stack-protector” what does this do?

Answer 35

disable stack canaries. Stack canaries are used to detect buffer overflows corrupting the saved return address.

Question 36

“-no-pie” what does this mean?

Answer 36

makes the location where the main program is loaded fixed. In modern systems, this location is randomized making exploitation harder

Question 37

How can “-no-pie” be bypassed?

Answer 37

It can be bypassed by using an additional exploit to leak the location of the main program.