Secure Software Design - Set-UID Programs Flashcards

1
Q

What is the purpose of Set-UID programs?

A

To grant temporary superuser privileges to regular users for specific tasks.

2
Q

Fill in the blank: Set-UID programs allow temporary ______ to regular users to perform specific operations.

A

Superuser privileges

3
Q

List two common approaches to granting limited elevated privileges in Unix systems.

A

Daemon processes and Set-UID programs.

4
Q

What does the Set-UID bit do?

A

Marks a program to run with the file owner’s privileges, often temporarily granting elevated rights to users.

5
Q

Name the three user IDs associated with a process in Unix-based systems.

A

Real user ID, effective user ID, and saved user ID.

6
Q

Fill in the blank: In Set-UID programs, the ______ ID controls access permissions during execution.

A

Effective user

7
Q

Give an example of a Set-UID program commonly used in Unix.

A

The ‘passwd’ program, which allows non-root users to change passwords.

8
Q

Why is capability leaking a security concern in Set-UID programs?

A

It allows residual privileges to be exploited if privileges aren’t downgraded properly.

9
Q

What function should be used instead of ‘system()’ to reduce security risks in Set-UID programs?

A

The ‘execve()’ function, as it avoids invoking the shell.

10
Q

Explain a security risk of using ‘system()’ in Set-UID programs.

A

Users can inject arbitrary commands if ‘system()’ is used, potentially leading to unauthorized actions.

11
Q

Fill in the blank: To avoid command injection in Set-UID programs, use ______ instead of ‘system()’.

A

execve()

12
Q

Why is it important to close file descriptors in privileged programs?

A

To prevent unauthorized users from accessing files with elevated permissions.

13
Q

Fill in the blank: Failing to close file descriptors in Set-UID programs can lead to ______ leaks.

A

Capability

14
Q

How do environment variables pose a security risk in Set-UID programs?

A

Unsanitized environment variables can be manipulated to influence program behavior, especially in privileged processes.

15
Q

What environment variable is commonly manipulated to change library paths in Unix?

A

LD_LIBRARY_PATH or LD_PRELOAD.

16
Q

Explain why dynamic linking can be risky in Set-UID programs.

A

Users can influence linked library paths at runtime, potentially injecting malicious code.

17
Q

How does Unix protect Set-UID programs from ‘LD_PRELOAD’ attacks?

A

Unix ignores ‘LD_PRELOAD’ when real and effective user IDs differ, preventing user-injected code from loading.

18
Q

Fill in the blank: Using ______ instead of relative paths in Set-UID programs reduces the attack surface.

A

Absolute paths

19
Q

Why is specifying full paths for external commands in Set-UID programs important?

A

It prevents reliance on the PATH variable, avoiding potential command substitution by attackers.

20
Q

Name a function recommended for safely accessing environment variables in privileged applications.

A

secure_getenv()

21
Q

How does ‘secure_getenv()’ enhance security in privileged programs?

A

It safely retrieves environment variables, preventing unauthorized manipulation in Set-UID programs.

22
Q

Explain the risk of relying on the PATH environment variable in Set-UID programs.

A

Attackers can manipulate PATH to replace expected commands with malicious scripts.

23
Q

What is the purpose of execve() in Unix-based systems?

A

To execute a specified program without opening a shell, reducing security risks in privileged programs.

24
Q

Fill in the blank: Environment variables should be ______ in Set-UID programs to avoid unauthorized influence.

A

Sanitized

25
Q

Why should dynamic library paths like LD_LIBRARY_PATH be avoided in Set-UID programs?

A

These can be manipulated to load malicious libraries, compromising security.

26
Q

Describe a mitigation technique for preventing command injection in Set-UID programs.

A

Using ‘execve()’ with absolute paths instead of ‘system()’ avoids shell invocation and reduces risk.

27
Q

Why are Set-UID programs safer than giving full root access to users?

A

They only grant elevated privileges for specific tasks, limiting user actions with superuser rights.

28
Q

What does the ‘principle of least privilege’ imply for Set-UID programs?

A

They should only use the minimum privileges required and downgrade privileges when no longer needed.

29
Q

Explain why environment variables like PATH and LD_LIBRARY_PATH need to be sanitized in Set-UID programs.

A

Unsanitized variables can be manipulated to execute or link to unintended commands and libraries.

30
Q

Fill in the blank: Functions like ‘execve()’ can limit command execution in Set-UID programs by avoiding the ______ invocation.

A

Shell

31
Q

What is a common attack vector involving dynamic linking in Set-UID programs?

A

Manipulating LD_PRELOAD to inject malicious libraries.

32
Q

Give an example of a privileged operation that Set-UID programs commonly perform.

A

Allowing non-root users to update passwords via the ‘passwd’ program.

33
Q

What function should be used to safely retrieve environment variables in privileged programs?

A

secure_getenv()