This alternate project allows you to analyze source code for potential vulnerabilities. You are to select a program that runs with privileges beyond that of a normal unprivileged user (such as a system account, root, or Administrator), and examine it. (On UNIX and Linux systems, this basically means a network server or a setuid or setgid program.)You are to determine whether a normal unprivileged user could obtain those extra privileges by using the program in a manner in which the designer and implementer of the program did not intend.
ECS 153, Introduction to Computer Science|
Winter Quarter 2002