\documentclass{article}
\usepackage{charter}
\usepackage{hyperref}
\begin{document}
\section*{Homework 3}
\begin{enumerate}
\item What should be the architecture of a network application under Unix
that processes potentially hostile data?
\item How can you exploit the fact that every night root has a cron
job that deletes the files in \texttt{/tmp}? (Hint: cron-attack)
\item How does a buffer-overflow attack work? (Hint: What happens on
the stack?)
\item Why is it crucial for a buffer overflow attack that the stack
grows from higher addresses to lower ones?
\item If the attacker uses a buffer overflow attack in order to
inject code, why can this code not contain any zero bytes?
\item How does a stack canary help with preventing a buffer-overflow
attack?
\item Why does randomising the address where programs are run help
defend against buffer overflow attacks?
\item Assume format string attacks allow you to read out the
stack. What can you do with this information? (Hint: Consider what
is stored in the stack.)
\item Assume you can crash a program remotely. Why is this a problem?
\item How can the choice of a programming language help with buffer
overflow attacks? (Hint: Why are C programs prone to such attacks,
but not Java programs?)
\end{enumerate}
\end{document}
%%% Local Variables:
%%% mode: latex
%%% TeX-master: t
%%% End: