Worksheet 06: Software Security I | Computer Security (Fall 2024)

Worksheets are self-guided activities that reinforce lectures. They are not graded for accuracy, only for completion. Worksheets are due by the start of the next lecture via Blackboard link as a single PDF document. Be sure to properly label each question.

Questions

  1. Explain what a TOCTOU race is using the following short program example, assuming the program has some level of additional privilege to access a file that an attacker normally doesn’t.

    if (access("file", PERMS_REQUESTED) == 0)   // Line 1
      filedescr = open("file", PERMS);          // Line 2
    

  2. What is the mitigation to the above example?

  3. What do the functions unlink() and link() do in an i-node file system?

  4. What is the difference between a symbolic and hard link in an i-node file system?

  5. What is the PATH environment variable, and what is it used for?

  6. Consider the function call to system(), like so system("cat foo.txt"). Explain how this is a potential security vulnerability if the program is privileged.

  7. What is an injection attack? Provide an example.

  8. What is a buffer overflow, and how can it be used in an exploit?

  9. Download the following exercise exploit-me-1 as a zip file and unzip it. You should open that directory in a VSCode environment. If you already have Docker Desktop installed, it should also prompt you to open it in a container. Please do so. If you need some review, refer to problem #12 in Worksheet 3.

    In here you’ll find the source code (minus the flag) for a program that can be exploited using a path attack, injection attack, and a buffer overflow. Do so and retrieve the flag. Also, come up with as many ways to exploit it as possible.

  10. Consider a three-bit number in 2’s complement. For all bit arrangements, write out the values in base 10.

  11. Still considering the three-bit number in 2’s complement, what would be 3+2? Show the math.

  12. Using the example from above, explain how an integer overflow attack would be possible.

  13. Download the following exercise exploit-me-2 as a zip file and unzip it. You should open that directory in a VSCode environment. If you already have Docker Desktop installed, it should also prompt you to open it in a container. Please do so. If you need some review, refer to problem #12 in Worksheet 2.

    In here you’ll find the source code (minus the flag) for a program that can be exploited using an integer overflow. Do so and retrieve the flag. Also, describe a way to fix this program.