Question $1$Which of the following will prevent a time$-$of$-$check$-$to$-$time$-$of$-$use race condition?Make the program non$-$setuid and non$-$setgid, so the real and effective UIDs are the sameMake the directory containing the file unwritable by untrusted usersEnsure the indivisibility of the check and the useUse an advisory lock to lock the fileQuestion $2$Can a race condition occur within a single process?No$,$ because a single process is deterministic and so the uncertainty needed for a race condition to be exploited do not existYes, because a single process can read and write a fileNo, because an external entity $($attacker$)$ has to create a second process to interact with the process in order to create the "race"Yes, because asynchronous actions can occur within a single processQuestion $3$Under what conditions can checking a $($regular$)$ file with access$()$ followed by an open$()$ not create a race condition?Under no conditionsWhen the file name used in both system calls refers to the same file $($object$)$When the directories on the full, canonical path name of the file can be written only by trusted usersWhen the directory containing the named file is writable only by the userQuestion $4$How should a program interact with its environment?Make the program as self$-$contained as possible $($ie$,$ minimize interaction with the environment$)$Minimize trust in environment variables by deleting all environment variablesMinimize dependence on files by ensuring all file descriptors are closed at the beginning of the programMinimize the process' privileges by setting the UID and GID to unused ones, so the process can only access those files available to everyone $($ie$,$ "world" or "other"$)$Question $5$Two conditions are necessary for there to be an exploitable time$-$of$-$check$-$to$-$time$-$of$-$use $($TOCTTOU$)$ race condition. One of them is the environmental condition. What does that condition describe?A user can replace the configuration file for the programA user can alter the value of environment variables that the program usesA user can replace the file involved in the potential race conditionA user can alter the file containing the programQuestion $6$When a process reads or writes a file, when is access permission checked?When the file is opened.When the file is closed.When the file is opened, and for each read and write thereafter.When the file is read or written, and when it is closedQuestion $7$How can you tell by which name a program was invoked, when writing the program?Its address is in the globally defined variable char $*$prognameIts address is the first argument to main$()$Its address is the first element of the second argument to main$()$tIs address is the first element of the global variable char $*$environ$[]$Question $8$Recall fexecve$()$ is like execve$(),$ but requires a file descriptor rather than a file name. Must a file be opened for reading by a process in order for the process to execute it using fexecve$()?$Yes, as long as the process has read and execute access to the directory containing the fileNo; as the kernel is starting the execution of the file, the file need not be open for reading.No$,$ unless the file was opened with the flag O$\_$EXECYes; if the process could not read the file, fexecve$()$ would not be able to load the file into memory in order for it to be executedQuestion $9$When a process spawns a child process, which of the following is the best reason that should you close unneeded file descriptors in the child process before calling execve$()?$By closing the file descriptors, the parent can continue to use them; otherwise they would be associated with the new program and so the parent could not access them.You have to close one of the descriptors so you can use the other to communicate with the parent.The child process can read from or write to the descriptors, and so may read confidential information or alter the file's contents.This cleans up the environment and so minimizes the resources used by the child.Question $10$Do the bindings of a file name and the corresponding file descriptor differ?The bindings between either and an inode $($file object$)$ can changeOnce established, the bindings between either and an inode $($file object$)$ cannot changeThe binding between a file name and an inode $($file object$)$ can change, but once it is established, the binding between a file descriptor and an inode cannot.The binding between a file descriptor and an inode $($file object$)$ can change, but once it is established, the binding between a file name and an inode cannot.Question $11$Two conditions are necessary for there to be an exploitable time$-$of$-$check$-$to$-$time$-$of$-$use $($TOCTTOU$)$ race condition. One of them is the programming condition. What does that condition describe?The program accesses a fileThe program has a gap between starting and opening a fileThe program has a gap between checking some condition and, if the condition is met, accessing the fileThe program has a gap between opening and closing a fileQuestion $1$Which of the following will prevent a time$-$of$-$check$-$to$-$time$-$of$-$use race condition?Make the program non$-$setuid and non$-$setgid, so the real and effective UIDs are the sameMake the directory containing the file unwritable by untrusted usersEnsure the indivisibility of the check and the useUse an advisory lock to lock the fileQuestion $2$Can a race condition occur within a single process?No$,$ because a single process is deterministic and so the uncertainty needed for a race condition to be exploited do not existYes, because a single process can read and write a fileNo, because an external entity $($attacker$)$ has to create a second process to interact with the process in order to create the "race"Yes, because asynchronous actions can occur within a single processQuestion $3$Under what conditions can checking a $($regular$)$ file with access$()$ followed by an open$()$ not create a race condition?Under no conditionsWhen the file name used in both system calls refers to the same file $($object$)$When the directories on the full, canonical path name of the file can be written only by trusted usersWhen the directory containing the named file is writable only by the userQuestion $4$How should a program interact with its environment?Make the program as self$-$contained as possible $($ie$,$ minimize interaction with the environment$)$Minimize trust in environment variables by deleting all environment variablesMinimize dependence on files by ensuring all file descriptors are closed at the beginning of the programMinimize the process' privileges by setting the UID and GID to unused ones, so the process can only access those files available to everyone $($ie$,$ "world" or "other"$)$Question $5$Two conditions are necessary for there to be an exploitable time$-$of$-$check$-$to$-$time$-$of$-$use $($TOCTTOU$)$ race condition. One of them is the environmental condition. What does that condition describe?A user can replace the configuration file for the programA user can alter the value of environment variables that the program usesA user can replace the file involved in the potential race conditionA user can alter the file containing the programQuestion $6$When a process reads or writes a file, when is access permission checked?When the file is opened.When the file is closed.When the file is opened, and for each read and write thereafter.When the file is read or written, and when it is closedQuestion $7$How can you tell by which name a program was invoked, when writing the program?Its address is in the globally defined variable char $*$prognameIts address is the first argument to main$()$Its address is the first element of the second argument to main$()$tIs address is the first element of the global variable char $*$environ$[]$Question $8$Recall fexecve$()$ is like execve$(),$ but requires a file descriptor rather than a file name. Must a file be opened for reading by a process in order for the process to execute it using fexecve$()?$Yes, as long as the process has read and execute access to the directory containing the fileNo; as the kernel is starting the execution of the file, the file need not be open for reading.No$,$ unless the file was opened with the flag O$\_$EXECYes; if the process could not read the file, fexecve$()$ would not be able to load the file into memory in order for it to be executedQuestion $9$When a process spawns a child process, which of the following is the best reason that should you close unneeded file descriptors in the child process before calling execve$()?$By closing the file descriptors, the parent can continue to use them; otherwise they would be associated with the new program and so the parent could not access them.You have to close one of the descriptors so you can use the other to communicate with the parent.The child process can read from or write to the descriptors, and so may read confidential information or alter the file's contents.This cleans up the environment and so minimizes the resources used by the child.Question $10$Do the bindings of a file name and the corresponding file descriptor differ?The bindings between either and an inode $($file object$)$ can changeOnce established, the bindings between either and an inode $($file object$)$ cannot changeThe binding between a file name and an inode $($file object$)$ can change, but once it is established, the binding between a file descriptor and an inode cannot.The binding between a file descriptor and an inode $($file object$)$ can change, but once it is established, the binding between a file name and an inode cannot.Question $11$Two conditions are necessary for there to be an exploitable time$-$of$-$check$-$to$-$time$-$of$-$use $($TOCTTOU$)$ race condition. One of them is the programming condition. What does that condition describe?The program accesses a fileThe program has a gap between starting and opening a fileThe program has a gap between checking some condition and, if the condition is met, accessing the fileThe program has a gap between o