| author | Christian Urban <christian dot urban at kcl dot ac dot uk> |
| Mon, 10 Nov 2014 23:28:19 +0000 | |
| changeset 302 | 17890d4b0688 |
| parent 276 | d7109c6e721d |
| child 389 | 9019f84ef99c |
| permissions | -rw-r--r-- |
| 33 | 1 |
\documentclass{article}
|
2 |
\usepackage{charter}
|
|
3 |
\usepackage{hyperref}
|
|
4 |
||
5 |
\begin{document}
|
|
6 |
||
| 39 | 7 |
\section*{Homework 3}
|
| 33 | 8 |
|
9 |
\begin{enumerate}
|
|
|
239
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
10 |
\item What should the architecture of a network application under Unix |
|
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
11 |
be that processes potentially hostile data? |
| 33 | 12 |
|
| 34 | 13 |
\item How can you exploit the fact that every night root has a cron |
|
239
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
14 |
job that deletes the files in \texttt{/tmp}? (Hint: cron-attack)
|
|
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
15 |
|
|
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
16 |
\item How does a buffer-overflow attack work? (Hint: What happens on |
|
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
17 |
the stack.) |
|
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
18 |
|
|
276
d7109c6e721d
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
257
diff
changeset
|
19 |
\item Why is it crucial for a buffer overflow attack that the stack |
|
239
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
20 |
grows from higher addresses to lower ones? |
| 34 | 21 |
|
|
257
9bc912fcedb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
239
diff
changeset
|
22 |
\item If the attacker uses a buffer overflow attack in order to |
|
9bc912fcedb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
239
diff
changeset
|
23 |
inject code, why can this code not contain any zero bytes? |
|
9bc912fcedb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
239
diff
changeset
|
24 |
|
|
239
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
25 |
\item How does a stack canary help with preventing a buffer-overflow |
|
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
26 |
attack? |
|
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
27 |
|
|
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
28 |
\item Why does randomising the address where programs are run help |
|
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
29 |
defending against buffer overflow attacks? |
|
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
30 |
|
|
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
31 |
\item Assume format string attacks allow you to read out the |
|
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
32 |
stack. What can you do with this information? (Hint: Consider what |
|
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
33 |
is stored in the stack.) |
| 34 | 34 |
|
|
110
fefd78525434
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
35 |
\item Assume you can crash a program remotely. Why is this a problem? |
|
fefd78525434
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
36 |
|
|
239
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
37 |
\item How can the choice of a programming language help with buffer |
|
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
38 |
overflow attacks? (Hint: Why are C-programs prone to such attacks, |
|
0db764174afb
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
144
diff
changeset
|
39 |
but not Java programs.) |
| 33 | 40 |
\end{enumerate}
|
41 |
||
42 |
\end{document}
|
|
43 |
||
44 |
%%% Local Variables: |
|
45 |
%%% mode: latex |
|
46 |
%%% TeX-master: t |
|
47 |
%%% End: |