diff -r 6ba55ba5b588 -r 0db764174afb hws/hw03.tex --- a/hws/hw03.tex Fri Oct 10 15:49:23 2014 +0100 +++ b/hws/hw03.tex Fri Oct 10 16:14:55 2014 +0100 
@@ -7,35 +7,33 @@ \section*{Homework 3} \begin{enumerate} -\item What does the principle of least privilege say? - -\item In which of the following situations can the access control mechanism of Unix -file permissions be used? - -\begin{itemize} -\item[(a)] Alice wants to have her files readable, except for her office mates. -\item[(b)] Bob and Sam want to share some secret files. -\item[(c)] Root wants some of her files to be public. -\end{itemize} - -\item What should the architecture of a network application under Unix -be that processes potentially hostile data? +\item What should the architecture of a network application under Unix + be that processes potentially hostile data? \item How can you exploit the fact that every night root has a cron -job that deletes the files in \texttt{/tmp}? (Hint: cron-attack) + job that deletes the files in \texttt{/tmp}? (Hint: cron-attack) + +\item How does a buffer-overflow attack work? (Hint: What happens on + the stack.) + +\item Why is it crucuial for a buffer overflow attack that the stack + grows from higher addresses to lower ones? -\item What does it mean that the program \texttt{passwd} has the \texttt{setuid} -bit set? Why is this necessary? -\item Assume format string attacks allow you to read out the stack. What can you do - with this information? (Hint: Consider what is stored in the stack.) +\item How does a stack canary help with preventing a buffer-overflow + attack? + +\item Why does randomising the address where programs are run help + defending against buffer overflow attacks? + +\item Assume format string attacks allow you to read out the + stack. What can you do with this information? (Hint: Consider what + is stored in the stack.) \item Assume you can crash a program remotely. Why is this a problem? -\item How can the choice of a programming language help with buffer overflow attacks? -(Hint: Why are C-programs prone to such attacks, but not Java programs.) 
- -%\item How can a system that separates between \emph{users} and \emph{root} -%be of any help with buffer overflow attacks? +\item How can the choice of a programming language help with buffer + overflow attacks? (Hint: Why are C-programs prone to such attacks, + but not Java programs.) \end{enumerate} \end{document}
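Review bot: The added item on stack growth direction misspells "crucial" as "crucuial" and should read "Why is it crucial for a buffer overflow attack that the stack grows from higher addresses to lower ones?". The same item's premise is stronger than it needs to be: with a stack that grows upward, an overflow can still reach the return address of a callee's frame placed above the buffer, so a wording such as "How does the direction of stack growth affect a buffer overflow attack?" would avoid teaching that downward growth is a precondition. The new items also alternate between "buffer-overflow attack" (the "How does a buffer-overflow attack work?" and stack canary items) and "buffer overflow attack(s)" (the stack growth, randomising and programming language items); pick one spelling for the whole enumerate. Finally, the items on least privilege, Unix file permissions and the \texttt{setuid} bit on \texttt{passwd} are removed here without a replacement in this hunk; if they have moved to another homework sheet, say so in the commit message so the coverage is not lost silently.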