Suppose that you are writing a program and you need to construct the full name of a file which you will open. The filename consists of a directory path and the actual nodename. Nodenames are usually restricted to being no more than 255 characters long. Explain at least two things wrong with the following piece of code:

Suppose the path were the name of a user, and we intend to write to the file, e.g.

    name = BuildName("/home/mark", ".cshrc");
    fp = fopen(name, "w");

Describe and explain a safe way to open the file for a system process. Describe what can go wrong in this kind of simple operation.
The Berkeley 'lpr' command has a -r flag (rflag in the code below) that tells the lpr command to remove the file after printing. The lpr command used to run with superuser privileges and used access(2) to check for permission to remove the file. Explain why this program is susceptible to a TOCTOU attack and suggest a way to fix the problem.
    int rflag;  /* -r: remove file after printing */
    /* cp: position of the last '/' in file; fd: result of access() */

    if (rflag) {
        if ((cp = strrchr(file, '/')) == NULL) {
            /* no directory component: check the current directory */
            if (access(".", 2) == 0)
                return(1);
        } else {
            if (cp == file)
                fd = access("/", 2);
            else {
                /* temporarily cut off the nodename to check its directory */
                *cp = '\0';
                fd = access(file, 2);
                *cp = '/';
            }
            if (fd == 0)
                return(1);
        }
        printf("%s: %s: is not removable by you\n", name, file);
        return(0);
    }
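One way to approach the two preceding questions (a safe open for a privileged process, and a fix for lpr's access()-then-unlink race) is to perform the operation with the real user's privileges and let the kernel do the permission check at the moment of the operation, instead of checking with access(2) first. The block below is an added example, not lpr's code or the course's own answer; the function names are hypothetical and build_name is an illustrative stand-in, not the BuildName routine the first question refers to.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Join dir and node with bounds checking; rejects a node longer than 255
 * bytes or containing '/'. Returns 0 on success, -1 otherwise. Illustrative
 * stand-in, not the BuildName routine the question refers to. */
int build_name(char *out, size_t outlen, const char *dir, const char *node) {
    if (strlen(node) > 255 || strchr(node, '/') != NULL) return -1;
    int n = snprintf(out, outlen, "%s/%s", dir, node);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Run op(path) with the effective uid/gid temporarily set to the real
 * (invoking) user, then restore them. The kernel checks permission at the
 * instant of the operation, so there is no check-then-use window as with
 * access(2). Hypothetical helper, not lpr's code. */
static int as_real_user(int (*op)(const char *), const char *path) {
    uid_t euid = geteuid();
    gid_t egid = getegid();
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0) return -1;
    int rc = op(path);
    int saved = errno;
    /* Restore uid first (regain privilege), then gid. */
    if (seteuid(euid) != 0 || setegid(egid) != 0) return -1;
    errno = saved;
    return rc;
}

static int open_wronly(const char *p) { return open(p, O_WRONLY | O_NOFOLLOW | O_CLOEXEC); }
/* Open path for writing as the real user; O_NOFOLLOW refuses a symlink as
 * the final component, and fstat on the descriptor we actually hold (not
 * on the name) refuses anything but a regular file. */
int open_as_real_user(const char *path) {
    int fd = as_real_user(open_wronly, path);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd); errno = EPERM; return -1;
    }
    return fd;
}

/* For lpr -r: unlink as the real user instead of access() then privileged unlink. */
int unlink_as_real_user(const char *path) { return as_real_user(unlink, path); }
```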
In a web application running on IIS with a SQL Server database as the back end, the login page consists of an HTML form. The login request is a POST to an Active Server Page (ASP) script for a database lookup to check if the user exists and to obtain information about the user (such as trading limits).

The following is a code snippet from the ASP page that handles the login request:
    username = Request.form("username");
    password = Request.form("password");
    var rso = Server.CreateObject("ADODB.Recordset");
    var sql = "select * from users where username = '" + username +
              "' and password = '" + password + "'";
    rso.open(sql, cn);
Show how it is possible to carry out attacks to create new users with arbitrary values for attributes (such as trading limit).

Also discuss three potential/actual vulnerabilities that can/have been introduced: one at the design stage, one at the implementation stage and one at the operations stage.