% Week 08 Notes for CST8207 - Fall 2012
% Ian! D. Allen - idallen@idallen.ca - www.idallen.com
% Fall 2012 - September to December 2012 - Updated Sat Oct 27 16:42:40 EDT
  2012

Readings, Assignments, Labs, and ToDo
=====================================

-   Read (at least) these things (All The Words):
    -   [Week 08 Notes HTML] - This File - ** Read All The Words **
    -   [Symbolic Links - Soft Links - Symlinks]
    -   [Unix Modes and Permissions]
    -   [Umask and Permissions]
    -   [List of Commands]

-   Read (All The Words), Do, and Save (but not for hand-in):
    -   [Lab Worksheet #07 ODT]
    -   [Lab Worksheet #07 PDF]
    -   [Lab Worksheet #09 ODT]
    -   [Lab Worksheet #09 PDF]
    -   Quizzes will ask you about your answers in your saved worksheets.

-   Read (All The Words), Do, and then Submit via Blackboard:
    -   [Assignment #07]
    -   [Assignment #08]
    -   [Assignment #09]

-   See the information about the November 5 Midterm Test in this file.
-   Write down the dates of your Final Exams from the [Course Home Page].
-   **READ ALL THE WORDS**

Midterm Test #2 - Week 10 - Monday November 5 - 25%
====================================================

-   Midterm test dates are posted on the [Course Home Page].
-   Midterm Test #2 (Mon Nov 5) covers:
    -   anything from the previous midterm test, especially questions that
        were not answered correctly, plus:
    -   [Week 04 Notes HTML]
    -   [Week 05 Notes HTML]
    -   [Week 06 Notes HTML]
    -   [Week 07 Notes HTML]
    -   [Week 08 Notes HTML]
    -   [Assignment #05]
    -   [Assignment #07]
    -   [Assignment #08]
    -   [Assignment #09]
    -   [Lab Worksheet #05 ODT] [Lab Worksheet #05 PDF]
    -   [Lab Worksheet #07 ODT] [Lab Worksheet #07 PDF]
    -   [Lab Worksheet #09 ODT] [Lab Worksheet #09 PDF]

-   See the [Practice Test #2 PDF] and answer file in the [Class Notes].
-   You must read the [Test Instructions] before the test for important
    directions on how to enter your answers and the test version number on
    the mark-sense forms.
-   You must know which **Lab Section Number** you attend, and write that
    number on your question sheet. (**NOT** your lecture section number!)
-   The first 50 minutes of the two-hour class is for questions; the last 45
    minutes are for the midterm test. There may be more questions on the test
    than you can answer in the time allowed; answer the ones you know, first.

Final Exam Schedule is Posted
=============================

Your Final Exam schedule is posted in the ICT office and on the [Course Home
Page].

Lecture Notes for This Week
===========================

-   Review last week. Did you do everything assigned last week?

-   Send me the Rap video! If you license it for public view, I’ll post it.
    -   videos published: [CST8207 Rap Videos]
    -   any more?

From the Class Notes link on the Course Home Page
-------------------------------------------------

-   [Symbolic Links - Soft Links - Symlinks]
-   [Unix Modes and Permissions]
-   [Umask and Permissions]
-   [List of Commands]

From the Classroom Whiteboard/Chalkboard
----------------------------------------

### Your in-class notes go here - take notes in class!

Why doesn’t this work? (See Worksheet section 5.3.)

    $ touch lab5.3b
    $ rm lab5.[3b]

A useful option to **`ls`** is **`-L`** - dereference symlinks:

    $ ls -dils /bin/*sh                                       
    524294 936 -rwxr-xr-x 1 root root 955024 Apr  3  2012 /bin/bash
    524318 108 -rwxr-xr-x 1 root root 109768 Mar 29  2012 /bin/dash
    524419   0 lrwxrwxrwx 1 root root      4 Sep  7 00:22 /bin/rbash -> bash
    524434   0 lrwxrwxrwx 1 root root      4 Sep  7 00:22 /bin/sh -> dash
    524438   0 lrwxrwxrwx 1 root root      7 Sep  7 00:22 /bin/static-sh -> busybox
    $ ls -dilsL /bin/*sh
    524294  936 -rwxr-xr-x 1 root root  955024 Apr  3  2012 /bin/bash
    524318  108 -rwxr-xr-x 1 root root  109768 Mar 29  2012 /bin/dash
    524294  936 -rwxr-xr-x 1 root root  955024 Apr  3  2012 /bin/rbash
    524318  108 -rwxr-xr-x 1 root root  109768 Mar 29  2012 /bin/sh
    524297 1788 -rwxr-xr-x 1 root root 1827920 Apr 13  2012 /bin/static-sh
    $ ls -dilsL /bin/*sh | sort
    524294  936 -rwxr-xr-x 1 root root  955024 Apr  3  2012 /bin/bash
    524294  936 -rwxr-xr-x 1 root root  955024 Apr  3  2012 /bin/rbash
    524297 1788 -rwxr-xr-x 1 root root 1827920 Apr 13  2012 /bin/static-sh
    524318  108 -rwxr-xr-x 1 root root  109768 Mar 29  2012 /bin/dash
    524318  108 -rwxr-xr-x 1 root root  109768 Mar 29  2012 /bin/sh

-   A useful option to **`find`** is **`-links`** - find by number of links:
    -   **`$ find /lib -type f -links +1 -ls`**

-   A useful option to **`find`** is **`-inum`** - find by inode number:
    -   **`$ find /lib -inum 171600 -ls`**

Real Sysadmin Work
==================

Changes by Ubuntu to the basic Unix security model for symlinks and hard
links:

-   Overview:
    <http://utcc.utoronto.ca/~cks/space/blog/linux/Ubuntu1204Symlinks>
    -   *“In the standard kernel, this […] blocks hardlinks to devices,
        setuid files, executable setgid files, and files that the UID making
        the link cannot read or write to (except that the owner of a file is
        always allowed to make hardlinks to it). Note that this blocks
        hardlinks to other people’s world-readable files if you can’t write
        to them.”*

-   <http://lwn.net/Articles/390323/>
    -   *“But some kernel hackers are not convinced that the core kernel
        should be fixing badly written applications.”*

-   <http://utcc.utoronto.ca/~cks/space/blog/linux/Ubuntu1204Symlinks>
    -   *“Both the Ubuntu Yama LSM and the new standard kernel code for this
        stuff include a second restriction, this time on what can be
        hardlinked.”*

-   Code patch and descriptions: <http://lwn.net/Articles/393012/>
    -   *“Normally, hardlinks can be created to files that a given user does
        not have access to. This can create security problems where
        privileged processes act on files that only they have access to, but
        have been put places unexpectedly by an attacker. This option limits
        the creation of hardlinks to files that a given user would be unable
        to read and write originally, or are not otherwise sensitive.”*

-   Change behaviour: **`sysctl -w kernel.yama.protected_sticky_symlinks=0`**
-   Change behaviour:
    **`sysctl -w kernel.yama.protected_nonaccess_hardlinks=0`**

More Ubuntu Linux on your Phone
===============================

[See Here]

    -- 
    | Ian! D. Allen  -  idallen@idallen.ca  -  Ottawa, Ontario, Canada
    | Home Page: http://idallen.com/   Contact Improv: http://contactimprov.ca/
    | College professor (Free/Libre GNU+Linux) at: http://teaching.idallen.com/
    | Defend digital freedom:  http://eff.org/  and have fun:  http://fools.ca/

[Plain Text] - plain text version of this page in [Pandoc Markdown]
format 

  [Symbolic Links - Soft Links - Symlinks]: 460_symbolic_links.html
  [Unix Modes and Permissions]: 500_permissions.html
  [Umask and Permissions]: 510_umask.html
  [List of Commands]: 900_unix_command_list.txt
  [Lab Worksheet #07 ODT]: worksheet07.odt
  [Lab Worksheet #07 PDF]: worksheet07.pdf
  [Lab Worksheet #09 ODT]: worksheet09.odt
  [Lab Worksheet #09 PDF]: worksheet09.pdf
  [Lab Worksheet #05 ODT]: worksheet05.odt
  [Lab Worksheet #05 PDF]: worksheet05.pdf
  [Practice Test #2 PDF]: practicetest2.pdf
  [Class Notes]: indexcgi.cgi
  [Test Instructions]: 000_test_instructions.html
  [CST8207 Rap Videos]: 000_Rap.html
  [See Here]: data/ubuntuphone/
  [Plain Text]: week08notes.txt
  [Pandoc Markdown]: http://johnmacfarlane.net/pandoc/