Due: April 27, 2015
This problem requires you to do some source code analysis. To do this assignment, you need to download the file lsu.tar from the homework web site, copy it onto a system at the CSIF, and unpack it. Once on the CSIF, type
tar xvf lsu.tarand you will find a directory named lsu containing the program lsu. It consists of several source files, a Makefile, and a large number of configuration files. The version you have downloaded is preconfigured to compile on the CSIF systems. For the purposes of this assignment, assume that lsu will run as a setuid-to-root program; that is, when you execute it, it runs as though root executed it.
This assignment consists of several steps. First, we’ll run a source code analyzer over the program to find possible errors. Then, we will examine a couple of error reports.
The program sourceanalyzer is a tool written by Fortify Software. It analyzes programs for possible vulnerabilities, and when it finds one, it describes it and gives a trace of the routines involved in an attack exploiting the vulnerability.
First, run the program. See the document The Fortify Source Code Analyzer for details on how to do this. Remember, this program uses make, so you want to follow the directions in the section “More Complex Programs”. The document also explains how to interpret the results.
When you run the second command, be sure to save the output in a file; it’s long, and you’ll need to refer to it later.
Now, look at the output. You will see many potential errors. We’re going to focus on three.
For the first two, describe in detail the flow of data that would allow an attacker to exploit the flaw. For example, for an integer overflow, you would say something like this:
The attacker passes 231−1 arguments to the program (via the function main in file main.c at line 25). The program then appends 3 more arguments (see line 36 of main.c). This causes the counter for the loop in which the arguments are appended to overflow (see lines 34–38 in main.c).Of course, this is a made-up example, not one drawn from lsu. But it gives you the level of detail we want.
Please copy the messages from the run of sourceanalyzer describing the vulnerability and the trace of functions and files below it. Then write your description beneath.
For the third one, analyze the report. Is this an exploitable vulnerability? If so, explain how to do it; if not, please explain why it is not exploitable (or not a vulnerability).
|You can also obtain a PDF version of this.||Version of April 18, 2015 at 4:01PM|