From 58553b688a43c21c3b55bc0647dfc052c83a8771 Mon Sep 17 00:00:00 2001
From: Leo <leonard.habrom@uni-ulm.de>
Date: Fri, 22 May 2026 11:52:02 +0200
Subject: [PATCH] feat: a3

---
 sheet05/a3/a.txt | 4 ++++
 sheet05/a3/b.txt | 5 +++++
 2 files changed, 9 insertions(+)
 create mode 100644 sheet05/a3/a.txt
 create mode 100644 sheet05/a3/b.txt

diff --git a/sheet05/a3/a.txt b/sheet05/a3/a.txt
new file mode 100644
index 0000000..da14e4d
--- /dev/null
+++ b/sheet05/a3/a.txt
@@ -0,0 +1,4 @@
+Passwords are stored in the /etc/shadow file, which is restricted to the root user. 
+A standard user cannot write to it directly. However, the passwd executable is owned by root and has the SUID permission set. 
+When a standard user runs passwd, the SUID bit tells the system to execute the program with the privileges of root, 
+giving the program the temporary permissions to update /etc/shadow
\ No newline at end of file
diff --git a/sheet05/a3/b.txt b/sheet05/a3/b.txt
new file mode 100644
index 0000000..31d84f1
--- /dev/null
+++ b/sheet05/a3/b.txt
@@ -0,0 +1,5 @@
+The script runs with root privileges because the setuid bit is set. 
+Since it just asks for a username and saves the new hash to /etc/shadow, 
+and there is no validation checking if the user running the program is actually changing their own password, 
+someone could simply run the program, type root as the username, and set a new password for the root user. 
+The script would then overwrite the actual root password in /etc/shadow.
\ No newline at end of file