Tag: security

Questions Related to security

  1. Security is handled at OS level by giving only read level privilege so no need to put an extra check here.

  2. The only problem here is that fileName may not be syntactically correct, so it should be validated before using it in the function.

  3. This code can lead to an information disclosure attack.

  4. Java provides enough security by default for IO operations so this code is not vulnerable.


Correct Option: C
  1. Can be used to mark code as being "privileged", thus affecting subsequent access determinations

  2. Can be used to decide whether an access to a critical system resource is to be allowed or denied, based on the security policy currently in effect

  3. Can be used to obtain a "snapshot" of the current calling context

  4. Can be used to compute a cryptographically secure hash


Correct Option: D
  1. Create a hash of the document and encrypt the resulting hash using the signer's private key

  2. Encrypt the document using the signer's private key

  3. Encrypt the document using the signer's private key and create a hash of the encrypted document

  4. Encrypt the document using the signer's public key


Correct Option: A
Explanation:

To sign a document using a digital signature, the user needs to know the basic concepts of public key cryptography and digital signatures.

Now, let's go through each option and explain why it is right or wrong:

A. Create a hash of the document and encrypt the resulting hash using the signer's private key. This option is partially correct. To sign a document, the signer first creates a hash of the document to be signed. The hash is then encrypted using the signer's private key. However, the encrypted hash is not the signature itself; it is just one part of the signature. The encrypted hash, along with the signer's public key and other information, is used to create the digital signature.

B. Encrypt the document using the signer's private key. This option is incorrect. Signing a document does not involve encrypting the entire document using the signer's private key. Instead, the document is hashed and a digital signature is created using the private key.

C. Encrypt the document using the signer's private key and create a hash of the encrypted document. This option is incorrect. Signing a document does not involve encrypting the document using the signer's private key. Instead, the document is hashed and a digital signature is created using the private key.

D. Encrypt the document using the signer's public key. This option is incorrect. Signing a document does not involve encrypting the document using the signer's public key. Instead, the document is hashed and a digital signature is created using the signer's private key.

The Answer is: A

The following code is part of a system daemon that is run with elevated privileges. It opens a temp file in the /tmp directory as a cache. Is there an issue in this code sample? Please assume that filling up /tmp is not an issue here.

int outfile = fopen("/tmp/cache_data", O_WRONLY | O_CREAT | O_TRUNC, 0600);
  1. Since the file name is hard coded, fopen() will fail if the file already exists.

  2. 0600 is not a secure option. The parameter 0600 should be changed to 0666

  3. Attackers can exploit by creating a symbolic link /tmp/cache_data that points to a system file.

  4. Attackers can exploit the application's cache by writing directly to /tmp/cache_data


Correct Option: C
  1. Overwriting freed memory is a security vulnerability

  2. Depends on the application and how important “somedata” is

  3. This will result in a buffer overflow since the freed memory location cannot handle 8 characters of data “somedata”

  4. strcpy() will fail as it cannot write to already freed memory, and the application will crash.


Correct Option: A

In the following code, which is the location of vulnerability?

1  bIsAdmin = true; 
2  try  
3  { 
4  function (); 
5   bIsAdmin = isAdminUser(userName); 
6  } 
7  catch (Exception ex)  
8  { 
9   log.write(ex.toString()); 
10 }
  1. Line 9

  2. Line 5

  3. Line 7

  4. Line 1


Correct Option: D