--- a/hws/hw03.tex Fri Oct 10 15:49:23 2014 +0100
+++ b/hws/hw03.tex Fri Oct 10 16:14:55 2014 +0100
@@ -7,35 +7,33 @@
\section*{Homework 3}
\begin{enumerate}
-\item What does the principle of least privilege say?
-
-\item In which of the following situations can the access control mechanism of Unix
-file permissions be used?
-
-\begin{itemize}
-\item[(a)] Alice wants to have her files readable, except for her office mates.
-\item[(b)] Bob and Sam want to share some secret files.
-\item[(c)] Root wants some of her files to be public.
-\end{itemize}
-
-\item What should the architecture of a network application under Unix
-be that processes potentially hostile data?
+\item What should the architecture of a network application under Unix
+ be that processes potentially hostile data?
\item How can you exploit the fact that every night root has a cron
-job that deletes the files in \texttt{/tmp}? (Hint: cron-attack)
+ job that deletes the files in \texttt{/tmp}? (Hint: cron-attack)
+
+\item How does a buffer-overflow attack work? (Hint: What happens on
+ the stack.)
+
+\item Why is it crucuial for a buffer overflow attack that the stack
+ grows from higher addresses to lower ones?
-\item What does it mean that the program \texttt{passwd} has the \texttt{setuid}
-bit set? Why is this necessary?
-\item Assume format string attacks allow you to read out the stack. What can you do
- with this information? (Hint: Consider what is stored in the stack.)
+\item How does a stack canary help with preventing a buffer-overflow
+ attack?
+
+\item Why does randomising the address where programs are run help
+ defending against buffer overflow attacks?
+
+\item Assume format string attacks allow you to read out the
+ stack. What can you do with this information? (Hint: Consider what
+ is stored in the stack.)
\item Assume you can crash a program remotely. Why is this a problem?
-\item How can the choice of a programming language help with buffer overflow attacks?
-(Hint: Why are C-programs prone to such attacks, but not Java programs.)
-
-%\item How can a system that separates between \emph{users} and \emph{root}
-%be of any help with buffer overflow attacks?
+\item How can the choice of a programming language help with buffer
+ overflow attacks? (Hint: Why are C-programs prone to such attacks,
+ but not Java programs.)
\end{enumerate}
\end{document}
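Review bot: The new stack-direction question misspells "crucial" as "crucuial" (`\item Why is it crucuial for a buffer overflow attack that the stack`); fix this before the sheet is built. In the address-randomisation question, "help defending against" should read "help to defend against" or "help in defending against". The added items also mix "buffer-overflow" and "buffer overflow", so pick one spelling for the whole sheet. The hunk deletes the least-privilege, Unix file-permission and setuid questions outright, while the cron question that stays still relies on a root-owned job. If those questions moved to another homework, say so in the commit message; otherwise consider keeping them commented out, as the old users/root item was before this hunk removed it.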