scenario hard Analyze threat-reasoning 2 points

Question 41. CSCD240-E1-C

-rwsrwxrwx root root .xhelper in /tmp. Why alarming?

Work the drill

Answer on paper or in a terminal before revealing the ideal answer.

Ideal answer

Two problems: (1) setuid-root in world-writable location = privilege-escalation footgun; (2) owned by root but with 777 (world-write) permissions means any user can replace the binary contents, gaining root the next time a priv user runs it.

Misconception bank

Each row below is a plausible wrong answer, the thinking that produces it, and the remedy that corrects the misconception. These are the foundation of the multiple-choice framing and the targeted feedback a student receives after answering.

Just a file

Misconception. Misses both setuid-root AND world-writable implications.

Remedy. Name both risks.

Authority mappings

Hover any chip for the mapping justification; click to open the authority record.

DCWF roles: CE-121 Exploitation Analyst CS-541 Vulnerability Assessment Analyst

DCWF tasks: T0250

KU outcomes: CO-M10-O1 CO-M6-O1

Course-artifact links

Lectures

CSCD240-S26-L05. Permissions part 1: ls -l anatomy, rwx, file types