- This assignment is to be done under the RH7.2 Virtual Machine. Remember, you prepared this during Lab0
- Some code for this assignment is on the VM EXCEPT for account.c and race.c. There is an update below on what to do with these files.
- We will run your exploit against the unmodified, original source code on a newly installed RH7.2 VM.
- Download a1.zip, extract it, your solution to this assignment will be placed in this directory.
- You might want to take a snapshot of the VM before you begin, in case you destroy it accidentally.
- This assignment is heavily based on last year's A1. I am providing you with last year's marking guide, with the marks modified to match this year's assignment. Last year's marking scheme and questions form the basis for this year's assignment: in some cases the marking scheme will guide you to the right answers, in other cases a question references it directly and it serves as the basis from which you answer. Use it to your advantage; it provides a lot of hints and direction. Because it is made available to you, we will be a bit more reserved in providing additional hints via Piazza.
- [10 Marks] Race Conditions. Replace /questions/race/race.c with the race.c file from the starter code, then solve the questions in race.c. The steps (questions) you should perform are inside the race.c file. Having worked through them, run race as hacker and compare what happens when you run race as other (non-root) users.
race is a setuid program that restricts access to the owner of the file, no matter who that owner is. Since hacker owns the file, other non-root users should not be able to manipulate it through race. (Find other non-root users on the VM to try this with.)
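As an added illustration of the class of bug this question is about (this is not the code in race.c, which you must read yourself; the function names and the data file are made up for the example), here is the check-then-use shape an owner check in a setuid program typically has, beside a version that has no window between the check and the use:

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Racy pattern (hypothetical, not race.c): check by name, then open by name.
 * Between stat() and open() anyone who controls the directory can swap the
 * name for a symlink to a file they do not own; the setuid program then opens
 * the target with its elevated privileges. Returns an fd, or -1 on refusal. */
int open_if_owned_by_racy(const char *path, uid_t owner)
{
    struct stat st;
    if (stat(path, &st) != 0)           /* time of check */
        return -1;
    if (st.st_uid != owner)
        return -1;
    return open(path, O_RDWR);          /* time of use: the name may now differ */
}

/* Hardened pattern: open first, refusing to follow a symlink at the final
 * component, then check the object actually opened via its descriptor.
 * The ownership test is on the fd, so there is no name to swap between the
 * check and the use; S_ISREG also rejects FIFOs and device nodes. */
int open_if_owned_by_safe(const char *path, uid_t owner)
{
    struct stat st;
    int fd = open(path, O_RDWR | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Demo fixture (constructed for this example): a regular file owned by the
 * caller, standing in for the data file that race guards. */
int make_demo_file(char *path, size_t pathlen)
{
    char tmpl[] = "/tmp/racedemoXXXXXX";
    const char record[] = "hacker 100\n";
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    if (write(fd, record, sizeof record - 1) != (ssize_t)(sizeof record - 1)) {
        close(fd);
        return -1;
    }
    close(fd);
    snprintf(path, pathlen, "%s", tmpl);
    return 0;
}

int main(void)
{
    char path[64];
    int fd;
    if (make_demo_file(path, sizeof path) != 0)
        return 1;
    fd = open_if_owned_by_safe(path, getuid());
    printf("as owner (uid %u): %s\n", (unsigned)getuid(), fd >= 0 ? "opened" : "refused");
    if (fd >= 0)
        close(fd);
    fd = open_if_owned_by_safe(path, getuid() + 1);
    printf("as uid %u: %s\n", (unsigned)getuid() + 1, fd >= 0 ? "opened" : "refused");
    if (fd >= 0)
        close(fd);
    unlink(path);
    return 0;
}
```

Both functions give the same answer when nothing changes underneath them; the difference is only visible when a second process swaps the name in the window, which is exactly what you should try to provoke when comparing runs as hacker and as another user. O_NOFOLLOW is a Linux extension (hence _GNU_SOURCE); it was present in the glibc of the RH7.2 era, but check your compiler's headers. Note also that a setuid program should additionally drop privileges it does not need, which the example does not show.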
- [25 Marks] Your VM has code installed in
IMPORTANT: As root on the VM, replace /vulnerable/account.c with the account.c provided with this assignment, then run setup.bash. You may have to make it executable first with chmod +x setup.bash.
Your task for this question is to identify vulnerabilities, demonstrate exploits, explain each exploit's impact, and fix the vulnerabilities. For the style of analysis expected, see for example the cert.org vulnerability notes and Common Vulnerabilities and Exposures (CVE). You do not have to exploit buffer overrun vulnerabilities for this part of the assignment; for those, identifying the vulnerable code and explaining the potential impact is enough. Look at A1MarkingScheme and pick any 10 of the 20 vulnerabilities listed. Write a report (see REPORT.txt) listing each vulnerability you chose, a collection of exploits for it (code, inputs, scripts etc. that we can run to see the exploit in action), the impact of the vulnerability, and the category of that impact under the secure properties (CIA): Confidentiality, Integrity, Availability. Include inputs, scripts, code etc. demonstrating each exploit.
In other words: the vulnerabilities include buffer overruns, integer overflows, canonical naming, directory traversals, ... Once you identify a vulnerability, demonstrate the associated exploits (code/inputs). Describe the impact of the exploit. Impacts include things like denial of service, authentication issues, accountability issues, privilege escalation (see the principle of least privilege), ... Finally, identify the impact as a violation of Confidentiality, Integrity or Availability and justify your answer.
Hint: thinking in terms of the above list is a good way to start thinking about potential exploits, and you can map them to the vulnerabilities mentioned in A1MarkingScheme. Look through A1MarkingScheme, identify 10 vulnerabilities of your choice from this list in the code file, and complete REPORT.txt. Finally, fix the code, explaining how you fixed the vulnerabilities, prevented the exploits and restored CIA.
Copy account.c to accounts_fixed.c and fix the vulnerabilities you identified. In REPORT.txt, note for each issue whether you have fixed that vulnerability in accounts_fixed.c.
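As an added worked example of two of the classes named above, canonical naming and directory traversal, here is a naive path join beside a canonicalising one. This is not code from account.c and does not correspond to any item in A1MarkingScheme; the function names and the directory fixture are made up for the illustration. The point it shows is that both a "../" name and a planted symlink escape the naive join, while canonicalising with realpath(3) before the prefix check catches both:

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Naive join (hypothetical vulnerable pattern, not from account.c): trusts the
 * caller-supplied name, so "../../etc/passwd" or a symlink planted inside base
 * both escape the intended directory. Returns 0 on success, -1 on overflow. */
int join_path_naive(char *out, size_t outlen, const char *base, const char *name)
{
    int n = snprintf(out, outlen, "%s/%s", base, name);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Hardened join: canonicalise base and the candidate with realpath(3), which
 * resolves "..", "." and symlinks, then require the canonical candidate to lie
 * strictly inside the canonical base (prefix match on a '/' boundary, so that
 * "/data2/x" is not accepted for base "/data"). realpath() needs the target to
 * exist, which is right for opening an existing record; when creating a new
 * file, canonicalise the parent directory instead. */
int join_path_canonical(char *out, size_t outlen, const char *base, const char *name)
{
    char joined[PATH_MAX], rbase[PATH_MAX], rcand[PATH_MAX];
    size_t blen;

    if (join_path_naive(joined, sizeof joined, base, name) != 0)
        return -1;
    if (realpath(base, rbase) == NULL || realpath(joined, rcand) == NULL)
        return -1;
    blen = strlen(rbase);
    if (strncmp(rcand, rbase, blen) != 0 || rcand[blen] != '/')
        return -1;
    if (strlen(rcand) >= outlen)
        return -1;
    strcpy(out, rcand);
    return 0;
}

/* Demo fixture (constructed for this example): a temp directory holding one
 * legitimate record and one symlink pointing outside the directory, as an
 * attacker with write access to the directory might plant. */
int make_demo_dir(char *dir, size_t dirlen)
{
    char tmpl[] = "/tmp/a1demoXXXXXX";
    char p[PATH_MAX];
    const char record[] = "alice 100\n";
    int fd;
    if (mkdtemp(tmpl) == NULL)
        return -1;
    snprintf(p, sizeof p, "%s/record.txt", tmpl);
    fd = open(p, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    if (write(fd, record, sizeof record - 1) != (ssize_t)(sizeof record - 1)) {
        close(fd);
        return -1;
    }
    close(fd);
    snprintf(p, sizeof p, "%s/escape", tmpl);
    if (symlink("/etc/passwd", p) != 0)
        return -1;
    snprintf(dir, dirlen, "%s", tmpl);
    return 0;
}

int main(void)
{
    char dir[PATH_MAX], out[PATH_MAX];
    const char *names[] = { "record.txt", "../../etc/passwd", "escape" };
    size_t i;
    if (make_demo_dir(dir, sizeof dir) != 0)
        return 1;
    for (i = 0; i < 3; i++) {
        int naive = join_path_naive(out, sizeof out, dir, names[i]);
        int canon = join_path_canonical(out, sizeof out, dir, names[i]);
        printf("%-18s naive=%s canonical=%s\n", names[i],
               naive == 0 ? "accept" : "reject", canon == 0 ? "accept" : "reject");
    }
    return 0;
}
```

When you write up a traversal or canonical-naming item in REPORT.txt, the exploit input is the name that escapes (the "../" form or the planted link), the impact is reading or writing a file outside the account store, and the CIA category follows from which of those the code allows; the fix in accounts_fixed.c is the canonicalise-then-check shape above, applied before any open.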