Carleton University School of Computer Science
COMP 3000 (WINTER 2021) OPERATING SYSTEMS ASSIGNMENT 2
Please submit your answers to the following questions via CULearn by 23:59, March 10, 2021. There are 18 points + 4 bonus points (weight: 0.25) in total.
Submit your answers as a gzipped tarball “username-comp3000-assign2.tar.gz” (where username is your MyCarletonOne username). Unlike tutorials, assignments are graded for the correctness of the answers.
The tarball you submit must contain the following:
1. Aplaintextfilecontainingyoursolutionstoallquestions,includingexplanations.Furtherdetailsare provided below.
2. AREADME.txtfilelistingthecontentsofyoursubmissionaswellasanyinformationtheTAsshould know when grading your assignment.
3. The source code for your modified version of 3000userlogin-patched for question 7 in Part 2. This should include all required changes. It must compile and run properly.
4. Adifffileshowingthemodifications,bycomparingyourmodifiedversionaboveandthepatched version: for example, diff -c 3000userlogin-patched.c 3000userlogin-modified.c >
3000userlogin.diff
may be distracting.
. Avoid moving around or changing existing code (unless necessary) which
tar zcvf username-comp3000-assign2.tar.gz
your_assignment_directory
If you choose to answer question 8 in Part 2, you can submit another set of items 3 and 4 above. You can use this command to create the tarball:
. **Don’t forget to include your plaintext file with the solutions!!**
No other formats will be accepted. Submitting in another format will likely result in your assignment not being graded and you receiving no marks for this assignment. In particular, do not submit an MS Word, OpenOffice, or PDF file as your answers document!
Empty or corrupted tarballs may be given a grade of zero, so please double check your submission by downloading and extracting it after uploaded to cuLearn.
Don’t forget to include what outside resources you used to complete each of your answers, including other students and web resources. You do not need to list help from the instructor, TA, or information found in the textbook.
Use of any outside resources verbatim as your answer (like copy-paste or quotation) is not allowed, and will be treated as unauthorized collaboration (if it’s from another student).
Please do NOT post assignment solutions on Discord or cuLearn forums or it will be penalized. Questions – part 1 [6]
1. [3] In the context of this course when you write code in C, list three ways a program can get the value of an environment variable. Be specific but concise.
2. [3] Mention two obvious reasons why the password of a user (e.g., student in our course VM) cannot be easily retrieved by unauthorized parties. Assume that the unauthorized party already has access to your VM, as another non-root user.
Also note: you should not assume non-root users can easily get the root privilege using the
command . In our case, it’s just configured to facilitate operations, otherwise a user is usually not supposed to be able to .
Questions – part 2 [12]
sudo root
Download the original 3000userlogin.c in Tutorial 4:
1. Beforeansweringanyquestionsbelow,firstpatchtheoriginalfilewiththediffhere.Inthedirectory where 3000userlogin.c is located:
patch –ignore-whitespace <3000userlogin-passwd.diffThis makes your 3000userlogin capable of prompting for a password and verifying it. There are no marks assigned to this step. As your original 3000userlogin.c has been replaced, to be clear, you can now rename it to 3000userlogin-patched.c. Use the patched file for all the following questions. Compile and run it as you did with the original 3000userlogin. Download directly: patched version.2. [2]Whyisline38(the line)needed?Orputanotherway,whatwillhappenwithoutit? 3. [2]Sometimes,youneedtoinvokeanothercommand-lineprogramforcertainpurposes.Inthepatched 3000userlogin, openssl is needed for computing the password hash. Check the man pageof the function. Mention two reasons as to why cannot be used for this purpose. 4. [2]Aswe theopensslcommandonlyforreading( )itsstandardoutput,whathappensto its standard input [1/2]? How do you know it [1/2]?5. [2]InTutorial4,ifyoucompilethecodewithoutconfiguringsetuidroot,youcanatleastloginwith your current username (e.g., student), which has been well explained. However, for the patched 3000userlogin, without setuid root, you cannot log in as any user, always with the error message “Could not find user”. Why does it happen [1/2]? How did you find it out [1/2]? popen()exec() popen()“r” 6. [1]Whycan’tyouusefclose()toclosethehandle say because it was created with popen(), not7. [3]Since3000userloginresemblesthecommand3000userlogin-patched’s behavior similar to that of the command sudo:- Take a second argument (next to the username) as the command to execute.- All subsequent arguments (if any) should be passed verbatim to the command.- After successful authentication with the password, the command should run normally.student@compxxxx:~$ ./3000userlogin-patched someuser ls -l Password:<<
student@compxxxx:~$ ./3000userlogin-patched someuser whoami Password:
someuser
student@compxxxx:~$
– Note: you should not need to provide the full path. You can just use ls instead of /bin/ls.
– Once finished, you should be back to where 3000userlogin-patched was invoked, as with sudo. Hint: consider using a better function than the current execve(). Don’t bother to do what was done in 3000shell, i.e., avoiding using .
fopen()
fp
online49,insteadofpclose()?(donotjust
) insomesense,nextyoucanmake
su
memcpy()
find_binary()
8. BONUS[4]Change3000userlogin-patchedsothatwhennousernameisgiven,theprogram prompts for a username by displaying “Username:”
a. Important: what is typed by the user must NOT be visible, as with “Password:” (echo turned off). b. The behavior of the rest of the program should NOT be affected, i.e., it proceeds as if the username was provided as an argument, prompts for the password for verification as before. After logged in, things should work as before.
Achieving both a and b will get 4 bonus marks (no partial marks).
Question 7 and question 8 should be independent of each other, both based on 3000userlogin- patched.c, not combined.
2
sudo
Reviews
There are no reviews yet.