hws/hw03.tex
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Tue, 21 Oct 2014 12:37:18 +0100
changeset 255 9cf486aea756
parent 239 0db764174afb
child 257 9bc912fcedb6
permissions -rw-r--r--
updated
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
33
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
     1
\documentclass{article}
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
     2
\usepackage{charter}
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
     3
\usepackage{hyperref}
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
     4
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
     5
\begin{document}
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
     6
39
Christian Urban <urbanc@in.tum.de>
parents: 38
diff changeset
     7
\section*{Homework 3}
33
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
     8
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
     9
\begin{enumerate}
239
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    10
\item What should the architecture of a network application under Unix
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    11
  be that processes potentially hostile data?
33
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    12
34
Christian Urban <urbanc@in.tum.de>
parents: 33
diff changeset
    13
\item How can you exploit the fact that every night root has a cron
239
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    14
  job that deletes the files in \texttt{/tmp}? (Hint: cron-attack)
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    15
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    16
\item How does a buffer-overflow attack work? (Hint: What happens on
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    17
  the stack.)
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    18
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    19
\item Why is it crucuial for a buffer overflow attack that the stack
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    20
  grows from higher addresses to lower ones?
34
Christian Urban <urbanc@in.tum.de>
parents: 33
diff changeset
    21
239
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    22
\item How does a stack canary help with preventing a buffer-overflow
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    23
  attack?
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    24
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    25
\item Why does randomising the address where programs are run help
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    26
  defending against buffer overflow attacks?
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    27
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    28
\item Assume format string attacks allow you to read out the
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    29
  stack. What can you do with this information? (Hint: Consider what
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    30
  is stored in the stack.)
34
Christian Urban <urbanc@in.tum.de>
parents: 33
diff changeset
    31
110
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 97
diff changeset
    32
\item Assume you can crash a program remotely. Why is this a problem?
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 97
diff changeset
    33
239
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    34
\item How can the choice of a programming language help with buffer
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    35
  overflow attacks?  (Hint: Why are C-programs prone to such attacks,
0db764174afb updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 144
diff changeset
    36
  but not Java programs.)
33
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    37
\end{enumerate}
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    38
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    39
\end{document}
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    40
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    41
%%% Local Variables: 
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    42
%%% mode: latex
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    43
%%% TeX-master: t
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
    44
%%% End: