Mercurial Mercurial > hg > sen-material / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | gz | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
added
authorChristian Urban <christian dot urban at kcl dot ac dot uk>
Mon, 07 Oct 2013 17:45:12 +0100
changeset 110 fefd78525434
parent 109 b71ce151aba8
child 111 677179c76e35
added
hws/hw03.pdf file | annotate | diff | comparison | revisions
hws/hw03.tex file | annotate | diff | comparison | revisions 
Binary file hws/hw03.pdf has changed
--- a/hws/hw03.tex	Mon Oct 07 17:25:04 2013 +0100
+++ b/hws/hw03.tex	Mon Oct 07 17:45:12 2013 +0100
@@ -22,12 +22,20 @@
 be that processes potentially hostile data?
 
 \item How can you exploit the fact that every night root has a cron
-job that deletes the files in \texttt{/tmp}?
+job that deletes the files in \texttt{/tmp}? (Hint: cron-attack)
 
 \item What does it mean that the program \texttt{passwd} has the \texttt{setuid}
 bit set? Why is this necessary?
+\item Assume format string attacks allow you to read out the stack. What can you do
+	with this information? (Hint: Consider what is stored in the stack.)
 
-\item What does the Bell --- La Padula model ensure? Similarly, what does the Biba model ensure?
+\item Assume you can crash a program remotely. Why is this a problem?
+
+\item How can the choice of a programming language help with buffer overflow attacks?
+(Hint: Why are C-programs prone to such attacks, but not Java programs.)
+
+\item How can a system that separates between \emph{users} and \emph{root} 
+be of any help with buffer overflow attacks?
 \end{enumerate}
 
 \end{document}
sen-material