Assignment 2 PDF

Title Assignment 2
Course Operating Systems
Institution Carleton University
Pages 2

Carleton University School of Computer Science

COMP 3000 (WINTER 2021) OPERATING SYSTEMS
ASSIGNMENT 2

Please submit your answers to the following questions via CULearn by 23:59, March 10, 2021. There are 18 points + 4 bonus points (weight: 0.25) in total.

Submit your answers as a gzipped tarball "username-comp3000-assign2.tar.gz" (where username is your MyCarletonOne username). Unlike tutorials, assignments are graded for the correctness of the answers.

The tarball you submit must contain the following:

1. A plaintext file containing your solutions to all questions, including explanations. Further details are provided below.
2. A README.txt file listing the contents of your submission as well as any information the TAs should know when grading your assignment.
3. The source code for your modified version of 3000userlogin-patched for question 7 in Part 2. This should include all required changes. It must compile and run properly.
4. A diff file showing the modifications, by comparing your modified version above and the patched version: for example,

       diff -c 3000userlogin-patched.c 3000userlogin-modified.c > 3000userlogin.diff

   Avoid moving around or changing existing code (unless necessary) which may be distracting.

If you choose to answer question 8 in Part 2, you can submit another set of items 3 and 4 above.

You can use this command to create the tarball:

    tar zcvf username-comp3000-assign2.tar.gz your_assignment_directory

**Don’t forget to include your plaintext file with the solutions!!**

No other formats will be accepted. Submitting in another format will likely result in your assignment not being graded and you receiving no marks for this assignment. In particular, do not submit an MS Word, OpenOffice, or PDF file as your answers document! Empty or corrupted tarballs may be given a grade of zero, so please double check your submission by downloading and extracting it after uploading it to cuLearn.

Don't forget to include what outside resources you used to complete each of your answers, including other students and web resources. You do not need to list help from the instructor, TA, or information found in the textbook. Use of any outside resources verbatim as your answer (like copy-paste or quotation) is not allowed, and will be treated as unauthorized collaboration (if it’s from another student). Please do NOT post assignment solutions on Discord or cuLearn forums or it will be penalized.

Questions – part 1 [6]

1. [3] In the context of this course when you write code in C, list three ways a program can get the value of an environment variable. Be specific but concise.
2. [3] Mention two obvious reasons why the password of a user (e.g., student in our course VM) cannot be easily retrieved by unauthorized parties. Assume that the unauthorized party already has access to your VM, as another non-root user. Also note: you should not assume non-root users can easily get the root privilege using the command sudo. In our case, it’s just configured to facilitate operations, otherwise a user is usually not supposed to be able to sudo root.

Questions – part 2 [12]

Download the original 3000userlogin.c in Tutorial 4:

1. Before answering any questions below, first patch the original file with the diff here. In the directory where 3000userlogin.c is located:

       patch --ignore-whitespace < 3000userlogin-passwd.diff

   This makes your 3000userlogin capable of prompting for a password and verifying it. There are no marks assigned to this step. As your original 3000userlogin.c has been replaced, to be clear, you can now rename it to 3000userlogin-patched.c. Use the patched file for all the following questions. Compile and run it as you did with the original 3000userlogin. Download directly: patched version.
2. [2] Why is line 38 (the memcpy() line) needed? Or put another way, what will happen without it?
3. [2] Sometimes, you need to invoke another command-line program for certain purposes. In the patched 3000userlogin, openssl is needed for computing the password hash. Check the man page of the popen() function. Mention two reasons as to why exec() cannot be used for this purpose.
4. [2] As we popen() the openssl command only for reading (“r”) its standard output, what happens to its standard input [1/2]? How do you know it [1/2]?
5. [2] In Tutorial 4, if you compile the code without configuring setuid root, you can at least log in with your current username (e.g., student), which has been well explained. However, for the patched 3000userlogin, without setuid root, you cannot log in as any user, always with the error message “Could not find user”. Why does it happen [1/2]? How did you find it out [1/2]?
6. [1] Why can’t you use fclose() to close the handle fp on line 49, instead of pclose()? (do not just say because it was created with popen(), not fopen())
7. [3] Since 3000userlogin resembles the command su in some sense, next you can make 3000userlogin-patched’s behavior similar to that of the command sudo:
   - Take a second argument (next to the username) as the command to execute.
   - All subsequent arguments (if any) should be passed verbatim to the command.
   - After successful authentication with the password, the command should run normally.

         student@compxxxx:~$ ./3000userlogin-patched someuser ls -l
         Password:

         student@compxxxx:~$ ./3000userlogin-patched someuser whoami
         Password:
         someuser
         student@compxxxx:~$

   - Note: you should not need to provide the full path. You can just use ls instead of /bin/ls.
   - Once finished, you should be back to where 3000userlogin-patched was invoked, as with sudo.

   Hint: consider using a better function than the current execve(). Don’t bother to do what was done in 3000shell, i.e., avoiding using find_binary().
8. BONUS [4] Change 3000userlogin-patched so that when no username is given, the program prompts for a username by displaying “Username:”
   a. Important: what is typed by the user must NOT be visible, as with “Password:” (echo turned off).
   b. The behavior of the rest of the program should NOT be affected, i.e., it proceeds as if the username was provided as an argument, prompts for the password for verification as before. After logged in, things should work as before.

   Achieving both a and b will get 4 bonus marks (no partial marks).

Question 7 and question 8 should be independent of each other, both based on 3000userlogin-patched.c, not combined.
