1. This question concerns the effects of the environment upon secure programming.
(a) In general terms, what are the main security issues concerning the environment in which a program executes? [4 marks]
(b) The two environment variables PATH and LD_LIBRARY_PATH can affect the behaviour of programs in Unix-style systems. Explain the similarity and difference between the two variables, stating which programs are affected.
For each case, illustrate your explanation with examples of potentially risky values for the variable and explain how an attacker might take advantage. Finally, explain how the potential vulnerabilities may be avoided. [10 marks]
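Worked illustration for part (b), added here and not part of the exam paper, in Python (the language of the code and the spawned commands is immaterial to the point). A PATH search takes the first directory that contains a file with the requested name, so any entry the attacker can write to (a world-writable directory, ".", or an empty entry, both of which mean the current directory) lets them shadow a system command for every program that runs commands by bare name, for instance through system() or popen(). The defence shown is the standard one: reset PATH to a fixed, root-owned list and drop the dynamic-linker variables before spawning children. The directory names, the fake command and the inherited environment are constructed for the demonstration; SAFE_PATH and LINKER_VARS are assumptions.

```python
"""
Added example, not part of the exam paper: a PATH search picks the first
matching directory, so an entry the attacker can write to lets them shadow
a system command for any program that spawns commands by name. The defence
is to reset PATH to a fixed, root-owned list and drop the dynamic-linker
variables before spawning. Everything here is constructed for the demo.
"""
import os
import shutil
import stat
import subprocess
import tempfile

# Assumption: these directories are root-owned and not writable by others.
SAFE_PATH = "/usr/bin:/bin"
# Variables the dynamic linker honours. LD_LIBRARY_PATH redirects library
# lookup the way PATH redirects command lookup; ld.so ignores it and
# LD_PRELOAD for set-uid executables, but an ordinary server or privileged
# program cannot rely on that, so they are stripped before spawning.
LINKER_VARS = ("LD_LIBRARY_PATH", "LD_PRELOAD")


def plant_fake_command(directory, name):
    """The attacker's move: an executable carrying a system command's name in
    a directory they control (constructed here as a temporary directory)."""
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write("#!/bin/sh\necho HIJACKED\n")
    os.chmod(path, os.stat(path).st_mode | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
    return path


def resolve(command, path):
    """Which file a PATH search selects for `command` under this PATH value."""
    return shutil.which(command, path=path)


def run_by_name(command, path):
    """Spawn `command` by bare name, as system()/popen() would, under `path`."""
    result = subprocess.run([command], env={"PATH": path},
                            capture_output=True, text=True)
    return result.stdout.strip()


def hardened_env(env):
    """Environment a privileged or server program should hand to children:
    fixed PATH, no linker overrides, everything else passed through."""
    clean = {k: v for k, v in env.items() if k not in LINKER_VARS}
    clean["PATH"] = SAFE_PATH
    return clean


def demo():
    """Run the hijack and the defence end to end; returns what was observed."""
    attacker_dir = tempfile.mkdtemp(prefix="attacker-")
    try:
        fake = plant_fake_command(attacker_dir, "echo")
        risky_path = attacker_dir + ":" + SAFE_PATH   # attacker's dir searched first
        inherited = {"PATH": risky_path, "LD_LIBRARY_PATH": attacker_dir,
                     "HOME": "/home/x"}               # constructed inherited env
        safe = hardened_env(inherited)
        return {
            "fake": fake,
            "risky_resolves_to": resolve("echo", risky_path),
            "risky_output": run_by_name("echo", risky_path),
            "safe_resolves_to": resolve("echo", safe["PATH"]),
            "safe_output": run_by_name("echo", safe["PATH"]),
            "hardened_env": safe,
        }
    finally:
        shutil.rmtree(attacker_dir)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Under the risky PATH the bare name "echo" resolves to the planted script and the program prints HIJACKED; under the hardened environment it resolves to the system binary. The same reasoning applies to LD_LIBRARY_PATH with a planted shared library in place of a planted executable, which is why it is removed rather than sanitised.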
(c) Consider the following PHP code fragment for a medical records application,
which performs authentication by checking if a cookie has been set.
$auth = $_COOKIE['authenticated'];
if (! $auth) {
    if (AuthenticateUser($_POST['user'], $_POST['password']) == "success") {
        // save the cookie to send out in future responses
        setcookie("authenticated", "1", time()+60*60*2);
    }
    else {
        ShowLoginScreen();
        die("\n");
    }
}
DisplayMedicalHistory($_POST['patient_ID']);
i. What is the purpose of the time setting in the call to setcookie, why do you think the programmer makes this choice and how does it have an effect? Mention trust relationships in your answer. [5 marks]
ii. Explain how an attacker can defeat the authentication check here even before the first login. [1 mark]
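Worked illustration for part (c), added here and not part of the exam paper, in Python rather than PHP. The fragment trusts any "authenticated" cookie the browser presents, and the two-hour expiry passed to setcookie is only advice to the browser, which the attacker controls. The block below shows the same check done so that the client cannot forge or extend it: the server signs the user name and expiry with a secret it never reveals, and the expiry sits inside the signed value, so the server rather than the browser decides when the session ends. The secret, the user name and the clock values are constructed for the example.

```python
"""
Added example, not from the exam paper: the fragment accepts any non-empty
'authenticated' cookie. Here the server issues user|expiry|mac and accepts
only cookies whose MAC verifies and whose expiry has not passed.
"""
import hashlib
import hmac

# Assumption: a per-deployment secret that never leaves the server.
SECRET = b"constructed-server-secret-do-not-ship"
LIFETIME_SECONDS = 2 * 60 * 60   # the fragment's time()+60*60*2


def _mac(payload, secret):
    return hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user, now, secret=SECRET, lifetime=LIFETIME_SECONDS):
    """Value to set after AuthenticateUser succeeds: user|expiry|mac."""
    payload = f"{user}|{int(now) + lifetime}"
    return f"{payload}|{_mac(payload, secret)}"


def verify_cookie(cookie, now, secret=SECRET):
    """Return the user name if the cookie is authentic and unexpired, else None.
    The MAC is checked before anything inside the cookie is believed."""
    if not cookie:
        return None
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    user, expiry, mac = parts
    if not hmac.compare_digest(mac, _mac(f"{user}|{expiry}", secret)):
        return None
    if not expiry.isdigit() or int(expiry) <= now:
        return None
    return user


def fragment_check(cookies):
    """The exam fragment's test, `if (! $auth)` inverted: any non-empty cookie
    value, including one the attacker typed in by hand, counts as logged in."""
    return bool(cookies.get("authenticated"))


def hardened_check(cookies, now):
    """Logged in only if the cookie verifies. Returns the verified user name,
    which is what a later authorisation check on patient_ID needs, or None."""
    return verify_cookie(cookies.get("authenticated"), now)


if __name__ == "__main__":
    forged = {"authenticated": "1"}     # set by the attacker before any login
    genuine = {"authenticated": issue_cookie("alice", now=1_000_000)}
    print("fragment accepts forged cookie:", fragment_check(forged))
    print("hardened accepts forged cookie:", hardened_check(forged, 1_000_001))
    print("hardened accepts genuine cookie:", hardened_check(genuine, 1_000_001))
    print("genuine cookie after two hours:", hardened_check(genuine, 1_000_000 + 7200))
```

The user name must come from the server's own authentication step, not from the request, and a delimiter-free encoding should be used if user names may contain "|". A server-side session store keyed by a random token is the other common design and removes the need for the client to hold any state beyond the token.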
(d) Consider the two Java code fragments below.
Fragment (A):
String ctl = request.getParameter("ctl");
Worker ao = null;
if (ctl.equals("Add")) {
    ao = new AddCommand();
}
else if (ctl.equals("Modify")) {
    ao = new ModifyCommand();
}
else {
    throw new UnknownActionError();
}
ao.doAction(request);
Fragment (B):
String ctl = request.getParameter("ctl");
Class cmdClass = Class.forName(ctl + "Command");
Worker ao = (Worker) cmdClass.newInstance();
ao.checkAccessControl(request);
ao.doAction(request);
The purpose of the code is to implement a command dispatcher pattern. Fragment (B) is being proposed as an improved, cleaner refactoring of (A). The improvement uses Java’s reflection language feature.
You are asked to do a code review of the proposed change. Explain the revised code and how it operates, suggesting why the programmer has added the access control in the revised code. Give two reasons why it may be seen as a poorer, more vulnerable security design than the original code.
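Worked illustration for part (d), added here and not part of the exam paper, in Python rather than Java. It places the two dispatchers side by side: dispatch_reflective derives the class name from the request, as Class.forName(ctl + "Command") does, and dispatch_allowlisted keeps the closed table that fragment (A)'s if/else chain expresses. The commands, including the internal ResetPasswordsCommand that shares the naming convention, are constructed for the example; the reflective lookup uses globals() as the Python analogue of Class.forName.

```python
"""
Added example, not from the exam paper: fragment (B)'s reflective dispatch
next to fragment (A)'s closed table, with constructed commands. Run it to
see which requests each dispatcher accepts and what escapes on bad input.
"""


class UnknownActionError(Exception):
    pass


class Worker:
    def check_access_control(self, request):
        # Assumption: a per-command check. The reflective path depends on
        # every reachable class getting this right.
        return True

    def do_action(self, request):
        raise NotImplementedError


class AddCommand(Worker):
    def do_action(self, request):
        return "added " + request.get("item", "")


class ModifyCommand(Worker):
    def do_action(self, request):
        return "modified " + request.get("item", "")


class ResetPasswordsCommand(Worker):
    """Constructed: an internal maintenance command that follows the naming
    convention but was never listed as a web action."""
    def do_action(self, request):
        return "all passwords reset"


def dispatch_reflective(request):
    """Fragment (B): the request names the class. Anything in scope whose
    name ends in 'Command' is reachable, and a bad name fails with whatever
    the lookup raises rather than a controlled UnknownActionError."""
    cmd_class = globals()[request["ctl"] + "Command"]   # Class.forName analogue
    ao = cmd_class()                    # newInstance(): constructor runs before any check
    ao.check_access_control(request)
    return ao.do_action(request)


COMMANDS = {"Add": AddCommand, "Modify": ModifyCommand}


def dispatch_allowlisted(request):
    """Fragment (A) as a table: only the listed commands exist as far as the
    dispatcher is concerned, and the set is visible in one place for review."""
    cmd_class = COMMANDS.get(request.get("ctl"))
    if cmd_class is None:
        raise UnknownActionError(request.get("ctl"))
    ao = cmd_class()
    ao.check_access_control(request)
    return ao.do_action(request)


def try_dispatch(dispatcher, request):
    """Run a dispatcher and report ('ok', result) or ('error', exception name)."""
    try:
        return ("ok", dispatcher(request))
    except Exception as exc:  # broad on purpose: we want to see what escapes
        return ("error", type(exc).__name__)


if __name__ == "__main__":
    for req in ({"ctl": "Add", "item": "x"}, {"ctl": "ResetPasswords"}, {"ctl": "Nope"}):
        print(req, "reflective:", try_dispatch(dispatch_reflective, req),
              "allowlisted:", try_dispatch(dispatch_allowlisted, req))
```

The request naming "ResetPasswords" reaches the internal command through the reflective dispatcher but is rejected by the table, and an unknown name produces a KeyError (ClassNotFoundException or ClassCastException in the Java version) from the reflective path instead of the application's own error. The added per-command checkAccessControl does not close either gap: it runs after the constructor, and it only protects classes whose authors remembered to implement it.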