In this assignment you will analyze the bugs in your security layer from [wiki:EducationalAssignments/SetMaxFileSizePartOne SetMaxFileSizePartOne] and fix them. You may want to use test cases from [wiki:EducationalAssignments/SetMaxFileSizePartTwo SetMaxFileSizePartTwo] to help identify these bugs. Finally, you will write a report discussing the different classes of bugs that your code had, and why.
In this assignment you are fixing your reference monitor. You have been sent a bunch of test programs that try to compromise your reference monitor. Your job will be to determine where your reference monitor failed, and fix it to ensure an attacker cannot circumvent the security layer.
-
The reference monitor needs to track the state of the information on disk, but cannot re-read it for every access (due to efficiency concerns). A common mistake is when the attacker can cause the reference monitor’s state to diverge from the underlying system’s state, especially in error conditions. The reference monitor and disk's states should be in sync.
-
Time-of-check-to-time-of-use (TOCTTOU) bugs and other types of race conditions are a fairly common oversight for students. Some students write test cases that attempt to trigger a race condition to exploit these problems. This can result in essentially any sort of attack, even infinite loops in the reference monitor in some cases.
-
Some reference monitors inappropriately share state for different files. An attacker may be able to exploit this and cause security and accuracy issues.
-
Many reference monitors had accuracy or security bugs as a result of not properly following the instructions.
def writeat(self,data,offset):
#raise error if user try to write beyond permitted file size
if offset >= mycontext['size']:
raise SeekPastEndOfFileError("Tried to beyond permitted file size!")
# Write the requested data to the file using the sandbox's writeat call
self.file.writeat(data,offset)
Let's analyze some of the bugs in this implementation. According to the specifications in [wiki:EducationalAssignments/SetMaxFileSizePartOne SetMaxFileSizePartOne], data should not go beyond permitted size during a writeat operation. In this code it is checking for valid offset but it is missing the following case - In the code above, it would allow user to write data which starts from a valid offset but goes beyond maximum allowed file size. This makes file larger than the allowed size. So what should have been included in code is a condition which prevents the write operation when (offset+length of data) becomes greater than allowed size.
- Turn in the reference monitor that you have fixed. The name of the reference monitor should be in the form of reference_monitor_netid.r2py e.g. reference_monitor_jcappos.r2py All letters must be lowercase.
- In addition to your reference monitor, fill in the form given on the link in assignment 2 part 3. You can submit the form only once so be sure to submit it properly in the first time itself.