Post #17,510
11/9/01 1:42:45 PM
|
See the comments at LinuxToday
[link|http://linuxtoday.com/news_story.php3?ltsn=2001-11-08-010-20-PS|Here.] As noted, several of the questions are wrong, many are distribution specific, and most of this is stuff which you should be able to look up in your man page. And, of course, none of the questions test what I really want to know you know how to do, namely find out answers to questions you don't know. And they don't test how well you can put together information and make educated guesses about what is wrong. Personally when I was asked to interview potential sysadmins, the best single question I came up with was this: A cracker might type in the following command:
touch '/tmp/wicked /etc/passwd/'
What does this command do, and what are they hoping to accomplish with it?
I found that people who, without having seen this before, could answer that in full were generally very competent. At the other end people who had to ask if it was syntactically correct, well... Cheers, Ben PS I first heard about this one from Randal Schwartz.
|
Post #17,532
11/9/01 2:39:48 PM
|
I'll bite
Attempt to create a file called '/tmp/wicked\\n/etc/passwd'
By why? It fails because the '/' after the '\\n' signifies another dir level that does not exists.
I assume it is an attempt to leave some type of trap for the passwd program, but it escapes me.
Note: I got 2 wrong.
Umask and something else. I always hated umask.
|
Post #17,542
11/9/01 3:06:03 PM
|
So far so good, now for a hint
First of all they got the umask question wrong, and the answer is distro dependent. (Also anyone sane writes a umask with at least 3 digits, not 2.)
But back to the interview question. You are perfectly right about what the command does. So, assuming that the previous two levels of directories were previously created (say in the previous two lines) and the desired file was created, what is the point?
At this stage in an interview I would give a hint.
The hint is to think about cron jobs which are likely to exist.
Cheers, Ben
|
Post #17,552
11/9/01 3:58:13 PM
|
My guess
Is there a program that is usually set up to clean up the /tmp folder? If such a program were to access a directory of the /tmp dir would it not see that one mangled filename as two separate files (the newline separating them)? Would it not then in deleting the file end up deleting both?
BTW I missed 7 on those, and a few of those I shouldn't have. Doh!
~~~)-Steven----
"I want you to remember that no bastard ever won a war by dying for his country. He won it by making the other poor dumb bastard die for his country..."
General George S. Patton
|
Post #17,568
11/9/01 4:43:17 PM
|
Bingo
If said cron was written as a shell script using find to produce a list of files to remove, and then removing them, it would be very easy to make exactly that mistake. And, of course, that would have to run as root, so it is able to blow away your password file.
If you wrote it in C, Perl, or any other "real programming language", you would not confuse returns inside of filenames as breaks between filenames.
Cheers, Ben
|
Post #17,655
11/10/01 1:05:58 AM
|
gak
a linefeed character in a file name? Ok, what characters aren't allowed in a Unix file name?
Have fun, Carl Forde
|
Post #17,683
11/10/01 2:14:08 PM
11/10/01 2:15:31 PM
|
null and /
Insert usual fun and games with backspace characters, characters which cause X to do funky things, etc.
Edited by ben_tilly
Nov. 10, 2001, 02:15:31 PM EST
|
Post #17,723
11/10/01 10:44:44 PM
|
dont forget pipe and redir | > and your example would be ok
inside " as opposed to `(maybe) thanx, bill
tshirt front "born to die before I get old" thshirt back "fscked another one didnja?"
|
Post #17,829
11/12/01 4:59:39 AM
|
touch 'foo | bar > baz'
Works perfectly well for me.
Cheers, Ben
|
Post #17,823
11/12/01 1:12:27 AM
|
Berkeley, Unix and something else
I'm reminded of a quote about Berkeley, Unix and something else. I'm sure you know what it is... What is the point of allowing control characters? I assume the ommission of null is an artifact of C strings?
[link|http://www.linuxdoc.org/HOWTO/Unicode-HOWTO-3.html|Unicode filenames] are cool though.
Have fun, Carl Forde
|
Post #17,830
11/12/01 5:02:10 AM
|
It is easier to allow than to disallow
Null and the / already were taken. They had assigned meanings, one for C and the other for directories.
Any other characters which you wanted to disallow would be more work. So they just allowed them all.
Cheers, Ben
|
Post #17,538
11/9/01 2:57:35 PM
|
I'll bite
the touch command is used to set the timestamp on a file. You can touch a non-existent file and touch will create it for you. The bad hat doesn't have read access to the password file, so he can't look at it or copy it. But maybe by faking out touch with the bogus path he can have it copy the password file to /tmp/wicked where he will be able to read it.
Have fun, Carl Forde
|
Post #17,541
11/9/01 3:04:53 PM
|
That sounds wrong
If a system isn't running shadowed passwords, he'd have read access to /etc/passwd already. (Unless someone has taken the time to chmod 400 /etc/passwd, which... hmmm... I don't know what would break. Time for experimentation (system security for the paranoid. :=))
If it's using shadow passwords, he doesn't have access to it anyway.
On HPUX 11.0, with ksh, it doesn't do anything.
"Beware of bugs in the above code; I have only proved it correct, not tried it." -- Donald Knuth
|