Secure Software Design - Set-UID Programs

Question 1

What is the purpose of Set-UID programs?

Answer 1

To grant temporary superuser privileges to regular users for specific tasks.

Question 2

Fill in the blank: Set-UID programs allow temporary ______ to regular users to perform specific operations.

Answer 2

Superuser privileges

Question 3

List two common approaches to granting limited elevated privileges in Unix systems.

Answer 3

Daemon processes and Set-UID programs.

Question 4

What does the Set-UID bit do?

Answer 4

Marks a program to run with the file owner’s privileges, often temporarily granting elevated rights to users.

Question 5

Name the three user IDs associated with a process in Unix-based systems.

Answer 5

Real user ID, effective user ID, and saved user ID.

Question 6

Fill in the blank: In Set-UID programs, the ______ ID controls access permissions during execution.

Answer 6

Effective user

Question 7

Give an example of a Set-UID program commonly used in Unix.

Answer 7

The ‘passwd’ program, which allows non-root users to change passwords.

Question 8

Why is capability leaking a security concern in Set-UID programs?

Answer 8

It allows residual privileges to be exploited if privileges aren’t downgraded properly.

Question 9

What function should be used instead of ‘system()’ to reduce security risks in Set-UID programs?

Answer 9

The ‘execve()’ function, as it avoids invoking the shell.

Question 10

Explain a security risk of using ‘system()’ in Set-UID programs.

Answer 10

Users can inject arbitrary commands if ‘system()’ is used, potentially leading to unauthorized actions.

Question 11

Fill in the blank: To avoid command injection in Set-UID programs, use ______ instead of ‘system()’.

Answer 11

execve()

Question 12

Why is it important to close file descriptors in privileged programs?

Answer 12

To prevent unauthorized users from accessing files with elevated permissions.

Question 13

Fill in the blank: Failing to close file descriptors in Set-UID programs can lead to ______ leaks.

Answer 13

Capability

Question 14

How do environment variables pose a security risk in Set-UID programs?

Answer 14

Unsanitized environment variables can be manipulated to influence program behavior, especially in privileged processes.

Question 15

What environment variable is commonly manipulated to change library paths in Unix?

Answer 15

LD_LIBRARY_PATH or LD_PRELOAD.

Question 16

Explain why dynamic linking can be risky in Set-UID programs.

Answer 16

Users can influence linked library paths at runtime, potentially injecting malicious code.

Question 17

How does Unix protect Set-UID programs from ‘LD_PRELOAD’ attacks?

Answer 17

Unix ignores ‘LD_PRELOAD’ when real and effective user IDs differ, preventing user-injected code from loading.

Question 18

Fill in the blank: Using ______ instead of relative paths in Set-UID programs reduces the attack surface.

Answer 18

Absolute paths

Question 19

Why is specifying full paths for external commands in Set-UID programs important?

Answer 19

It prevents reliance on the PATH variable, avoiding potential command substitution by attackers.

Question 20

Name a function recommended for safely accessing environment variables in privileged applications.

Answer 20

secure_getenv()

Question 21

How does ‘secure_getenv()’ enhance security in privileged programs?

Answer 21

It safely retrieves environment variables, preventing unauthorized manipulation in Set-UID programs.

Question 22

Explain the risk of relying on the PATH environment variable in Set-UID programs.

Answer 22

Attackers can manipulate PATH to replace expected commands with malicious scripts.

Question 23

What is the purpose of execve() in Unix-based systems?

Answer 23

To execute a specified program without opening a shell, reducing security risks in privileged programs.

Question 24

Fill in the blank: Environment variables should be ______ in Set-UID programs to avoid unauthorized influence.

Answer 24

Sanitized

Question 25

Why should dynamic library paths like LD_LIBRARY_PATH be avoided in Set-UID programs?

Answer 25

These can be manipulated to load malicious libraries, compromising security.

Question 26

Describe a mitigation technique for preventing command injection in Set-UID programs.

Answer 26

Using ‘execve()’ with absolute paths instead of ‘system()’ avoids shell invocation and reduces risk.

Question 27

Why are Set-UID programs safer than giving full root access to users?

Answer 27

They only grant elevated privileges for specific tasks, limiting user actions with superuser rights.

Question 28

What does the ‘principle of least privilege’ imply for Set-UID programs?

Answer 28

They should only use the minimum privileges required and downgrade privileges when no longer needed.

Question 29

Explain why environment variables like PATH and LD_LIBRARY_PATH need to be sanitized in Set-UID programs.

Answer 29

Unsanitized variables can be manipulated to execute or link to unintended commands and libraries.

Question 30

Fill in the blank: Functions like ‘execve()’ can limit command execution in Set-UID programs by avoiding the ______ invocation.

Answer 30

Shell

Question 31

What is a common attack vector involving dynamic linking in Set-UID programs?

Answer 31

Manipulating LD_PRELOAD to inject malicious libraries.

Question 32

Give an example of a privileged operation that Set-UID programs commonly perform.

Answer 32

Allowing non-root users to update passwords via the ‘passwd’ program.

Question 33

What function should be used to safely retrieve environment variables in privileged programs?

Answer 33

secure_getenv()