Sample Midterm Exam

1. The following code fragment exists in a program that is setuid to root. Its function is to read a series of lines from the standard input and append them to the file named in the variable file. However, for security reasons, it must not append the lines if file is a symbolic link to another file. The following sequence is intended to implement this functionality. Please determine if it does so correctly (i.e., does this code pose a security risk)? Justify your answer, of course. (Note: the label error is defined elsewhere to handle error conditions.)

    /* get the attributes of the file associated with
       the name; do not follow any symbolic links */
    if (lstat(file, &buf) < 0)
        goto error;
    if ((buf.st_mode&S_IFLNK) == S_IFLNK){
        fprintf(stderr, "%s is a symbolic link\n", file);
        goto error;
    }
    /* open the file, write to it, and close it */
    if ((fp = fopen(file, "a")) == NULL)
        goto error;
    while(fgets(buf, BUFSIZ, stdin) != NULL)
        fputs(buf, fp);
    (void) fclose(fp);

2. Why is a precise statement of security requirements critical to the determination of whether a given system is secure?

3. Please describe how the vulnerability models are used during the Flaw Hypothesis Methodology. Be explicit: which phase of the methodology uses them, and how?

4. Does the UNIX operating system enforce the principle of complete mediation for ordinary users (i.e., excluding root)? If not, what needs to be changed to enforce that principle?

5. Into which category or categories of the Program Analysis classification do the following fall? Please justify your answer.
    a. Buffer overflow causing a return into the stack?
    b. Allowing an ordinary user to alter the password file?
    c. Simultaneous writes to a shared database?
    d. Reading a UNIX file by directly accessing the raw device and reading first the superblock, then the file's inode, and finally the file's data blocks?

6. Which of the following demonstrate violations of the principle of least privilege? Please justify your answer.
    a. The UNIX root account?
    b. A user whose function is to maintain and install system software. This user has access to the source files and directories, and can copy executables into system directories for other users. This user has no other special privileges.

7. Describe how to use a public key cryptosystem to protect the confidentiality of a message.

8. What is a certificate? What are they used for?
ECS 153 Fall 2000, Sample Midterm Exam (version of November 5, 2000 9:23 pm)