The basic idea is that a file owner will dictate access to his file named basename.ext by specifying users that are allowed access and the type of access each user is allowed in a file named basename.ext.access. Here basename.ext represents an arbitrary file name and basename.ext.access is the access control list for file basename.ext. Users gain read access to the files via the SUID binary get (that you will write) and which the file owner will place in an appropriate location. Write access is gained via the put binary, which you will also write. If the file basename.ext.access does not exist, no access is allowed via get or put.
Access Control. Access to the protected file basename.ext is determined by the contents of the ACL file named basename.ext.access. If the ACL file does not exist, both get and put exit silently. Entries in the ACL file each contain two components separated by whitespace (space, tab). The first component, which may be preceded by whitespace, is a single userid (alphanumeric value, e.g. “carr”). The second is a single character r, w, or b, indicating read, write, or both read and write access, respectively, for the user with the corresponding userid. This second component may be followed by whitespace. Lines beginning with the character ’#’ are comments. No blank lines are allowed. Get and put check for malformed entries before beginning operation and existence of a malformed entry causes a silent exit. A silent exit must always emit the phrase “silent exit” to the terminal before exiting. If the ACL file is a symbolic link, get and put exit silently. If the protection for basename.ext.access allows any world or group access (via the standard UNIX file protections), get and put fail silently. If the protected file basename.ext is not an ordinary file, get and put fail silently.
Access. A file owner allows access to his files by placing a copy of get and put in an appropriate directory, setting the SUID bit, and allowing others to execute the binary. From the perspective of get or put, the files whose ownership is specified by the effective uid of the executing process are being protected. The files are being protected against the user whose uid corresponds to the real uid of the executing process. For the discussion below, owner is the owner of the binary (i.e., get and put) and user is the user of the binary and the one getting access to owner’s files. A user attempts read access to a file by executing the command:
get <source> <destination>
Get determines the ownership for source and destination before performing the operation. (See the manual page for fstat()) Access is allowed only if:
sourceis owned byownerownerhas read access tosource- the file
source.accessexists and contains an entry grantinguserread access source.accessmust be owned byownerand have owner permission only— no group or world accessusercan write to the filedestinationand owns that file if it exists, and is made the owner if it does not exist
If read access is allowed, the file source is copied to the file destination. If destination already exists, the user is queried before the file is overwritten. A user attempts to write a file by executing the command:
put <source> <destination>
Put determines the ownership for source and destination before performing the operation. (See the manual page for fstat()) Access is allowed only if:
ownerownsdestinationownerhas write access to the filedestination- the file
destination.accessexists and contains an entry grantinguserwrite access - the file
destination.accessmust be owned byownerand have owner permission only— no world or group access usermay readsource
If write access is allowed, the file source is written to the file named destination. If destination already exists, the user is queried before the file is overwritten. If destination is overwritten, the owner and protections of the file are not changed by the write. If destination does not exist, it is created with the owner and group corresponding owner and his default group. (See the manual page for getpwnam()) The file protection is set to 400.
Miscellaneous. You need not worry about file locking for this assignment. You may as- sume that only one instance of get or put is operating against a file at any given time. The rules discussed for secure SUID programming must be followed in this assignment. The project must be coded in C and will be tested on a Linux system similar to the one you will be given in a virtual machine.