On Unix systems, a convenient way of packaging a collection of files is a SHeLL

Question

On Unix systems, a convenient way of packaging a collection of files is a SHeLL Archive,
or shar file. A shar file is a shell script that will unpack itself into the appropriate files and
directories. Shar files are created by the shar command. The implementation of the shar
command in a legacy version of the HP-UX operating system created a temporary file with
an easily predictable filename in directory /tmp. This temporary file is an intermediate file
that is created by shar for storing temporary contents during its execution. Also, if a file with
this name already exists, then shar opens the file and overwrites it with temporary contents.
If directory/tmp allows anyone to write to it , a vulnerability exists. An attacker can exploit such
a vulnerability to overwrite a victims file . (1) What knowledge about shar should the attacker
have ? (2) Describe the command that the attacker issues in order to have shar overwrite an
arbitrary file of a victim. Hint: the command is issued before shar is executed. ( 3) Suggest a
simple fix to the shar utility to prevent the attack. Note that this is not a setuid question?

Explanation / Answer

1.    Introduction of Computer and Network Security

The method of protecting your computer or your network from unauthorized users and spam by using different types of software or hardware is known as computer security. The violation of computer and network security occurs due to unauthorized access by any party. Computer security is vital for every organization to avoid hostile software or intruders damages. Many forms of damages can take place due to lack of security. Let

Related Questions

Navigate

• Browse (All)
• Browse O
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.