Outline for January 9, 2002

  1. Greetings and Felicitations!
  2. Puzzle of the day
  3. Robust Programming
    1. Go through handout, emphasizing principles
    2. Information hiding and abstraction
    3. Error handling
  4. Common Implementation Vulnerabilities
    1. Unknown interaction with other system components (DNS entry with bad names, assuming finger port is finger and not chargen)
    2. Overflow (year 2000, lpr overwriting flaw, sendmail large integer flaw, su buffer overflow)
    3. Race conditions (xterm flaw, ps flaw)
    4. Environment variables (vi one-upsmanship, loadmodule)
    5. Not resetting privileges (Purdue Games incident)

ECS 153, Introduction to Computer Security
Winter Quarter 2002
Email: cs153@cs.ucdavis.edu