Homework 3

Due: November 8, 2021
Points: 100

  1. (20 points) Classify the following vulnerabilities using the RISOS model. Assume that the classification is for the implementation level. Justify your answer.
    1. The presence of the “wiz” command in the sendmail program (see Section 24.2.9).
    2. The failure to handle the IFS shell variable by loadmodule (see Section 24.2.9).
    3. The Heartbleed bug occurred in an implementation of OpenSSL. A client would send a keepalive message to the server, which would echo the data of the packet back to the client. The length of the packet (including the data) was in the packet header. The first few bytes of the data also contained the length of the data, and OpenSSL used the latter to determine how big the data was. The problem was that one could give a data size of 1000 when only 5 bytes of data were present. OpenSSL would then return 1000 bytes from the input queue, revealing whatever information happened to be in the buffer at those other 995 bytes. (See https://xkcd.com/1354/ for an amusing description of this bug.)
    4. The failure of the Burroughs system to detect offline changes to files (see Section 24.2.7).
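The length-confusion behind the Heartbleed item above, simulated as an added example (not part of the assignment or of OpenSSL): the record layout, the `build_record` helper, the stale-byte marker and the function names are all constructed for this illustration. The input queue is an ordinary array, so the vulnerable copy stays inside it and leaks only the simulated stale bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed record layout (simplified, not the real TLS heartbeat encoding):
 * header = 2-byte big-endian record length (bytes that follow the header);
 * body   = 2-byte big-endian payload length, then the payload to echo. */
#define HDR_LEN  2
#define PLEN_LEN 2
#define STALE    0xAA                  /* marker for leftover queue contents */
#define QUEUE_SIZE (HDR_LEN + PLEN_LEN + 65535)

/* Simulated input queue: the record is placed at the front, everything behind
 * it still holds STALE bytes standing in for earlier traffic. */
static unsigned char queue[QUEUE_SIZE];

static uint16_t be16(const unsigned char *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void put16(unsigned char *p, uint16_t v) { p[0] = (unsigned char)(v >> 8); p[1] = (unsigned char)v; }

/* Build a record in the queue whose body carries `actual` payload bytes but
 * whose inner length field claims `claimed` bytes. Returns the record. */
const unsigned char *build_record(uint16_t claimed, const unsigned char *payload, uint16_t actual)
{
    memset(queue, STALE, sizeof queue);
    put16(queue, (uint16_t)(PLEN_LEN + actual));   /* honest framing length */
    put16(queue + HDR_LEN, claimed);               /* sender-controlled field */
    memcpy(queue + HDR_LEN + PLEN_LEN, payload, actual);
    return queue;
}

/* Vulnerable echo: trusts the inner payload length and never compares it with
 * the record length from the header, so it copies whatever follows the record.
 * `out` must have room for 65535 bytes. Returns the number of bytes echoed. */
size_t echo_vulnerable(const unsigned char *rec, unsigned char *out)
{
    size_t plen = be16(rec + HDR_LEN);
    memcpy(out, rec + HDR_LEN + PLEN_LEN, plen);   /* reads past the record */
    return plen;
}

/* Hardened echo: the payload must fit inside the record the framing layer
 * delivered (it read exactly the header's length); otherwise drop it (0). */
size_t echo_hardened(const unsigned char *rec, unsigned char *out)
{
    size_t rlen = be16(rec);
    if (rlen < PLEN_LEN) return 0;                 /* no room for a length field */
    size_t plen = be16(rec + HDR_LEN);
    if (plen > rlen - PLEN_LEN) return 0;          /* claims more than was sent */
    memcpy(out, rec + HDR_LEN + PLEN_LEN, plen);
    return plen;
}
```

With the page's numbers (claimed 1000, 5 bytes present) the vulnerable echo returns 1000 bytes, 995 of them from beyond the record, while the hardened echo drops the message.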

  2. (20 points) StackGuard is a tool for detecting buffer overflows. It modifies the compiler to place a known (pseudo)random number (a canary) on the stack just before the return address when a function is called. Additional code is added so that, just before the function returns, it pops the canary and compares it to the value that was placed upon the stack. If the two differ, StackGuard asserts a buffer overflow has occurred, and invokes an error handler to terminate the program. How effective is this approach at stopping stack-based buffer overflows? Under what conditions might it fail?

  3. (45 points) The program setdate (with source code here) runs setuid to root. Its function is to change the date of the system. Please analyze the robustness and security of this program using the source code (available in the Programs area of the class web page). In particular, how hard would it be for someone to obtain excess privileges using this program? How hard would it be for someone to supply input that caused the program to crash, or do something wrong?

  4. (15 points) The Mysterious Mortgage Company announced it has upgraded the authentication required of its website users to two-factor authentication. Amy, a mortgagee, wants to log into her account on the website. She enters her login name and password. Instead of showing her a screen with her account information, the next screen asks her to re-enter her login name and password. After she does so, she is given the account page. Is this two-factor authentication? Why or why not?

Extra credit
  1. (20 points) The second example in section 16.2 asserts that UNIX file descriptors are in fact capabilities. Please explain in detail why this is true. (Hint: How are file descriptors used? What is in a file descriptor?)

Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 235A, Computer and Information Security
Version of October 24, 2021 at 10:41PM

