Lab - Hiram College



Lab 2, CPSC 35200: Computer Security

Insecure Programs

Log in to cs.hiram.edu using a terminal window and . In this lab we will investigate several programs and look at what vulnerabilities they have. We won't use the virtual machine for this lab.

Background information: Study the file easy-guide-to-gcc.doc, which documents some of the main features of the C compiler, gcc, and the debugger, gdb. Study the file program-layouts.doc on the web site, which provides a rough guide to the memory layout of a C program compiled with gcc.

You may use any text editor that you wish. The file easy-guide-to-vim.doc surveys one text editor that you might want to use, as it is simple. If you know emacs, you can use it.

Each of the programs below is very short and, consequently, it is fairly easy to spot some of the problems with the code. But imagine that the code is part of a huge program, say several million or more lines of code! In that context, finding vulnerabilities may not be easy.

We want to investigate some exploits. Using your text editor, create the files below that contain C code. (Note how the code is similar to Java without classes.) Try to keep the lines as shown here so that when we go over these we will all be looking at the same line if, for example, we refer to line 3.

I suggest entering one file and then doing the exercises for that file before moving on.

//ex1.c
#include <stdio.h>   /* needed for printf; newer versions of gcc refuse to compile without it */

int main() {
    int array[5] = {1,2,3,4,5};
    printf("%d\n", array[5]);   /* valid indices are 0..4: this reads one past the end */
}

Note on C: The "%d\n" in the printf call is a control string (also called a format string). It tells printf to take the value of array[5] and output it as a decimal integer (%d) followed by a line feed (\n).
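To see the defect in ex1.c as a checkable condition rather than as whatever happens to sit past the end of the array, here is an added example (not part of the handout) that wraps the same access in a bounds check. The names ARRAY_LEN, read_element and ex1_checked are ours, chosen for this illustration; the five-element array and the index 5 are the ones from ex1.c.

```c
#include <stdio.h>
#include <stdbool.h>
#include <stddef.h>

/* Number of elements in a statically sized array (helper name chosen here). */
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Bounds-checked read: stores array[index] in *out and returns true only
   when index lies in [0, len). A read of array[5] on a 5-element array,
   as in ex1.c, is refused instead of reading past the end. */
bool read_element(const int *array, size_t len, size_t index, int *out) {
    if (array == NULL || out == NULL || index >= len) {
        return false;
    }
    *out = array[index];
    return true;
}

/* Mirrors ex1.c: same array, same attempted access, but checked.
   Returns 0 on success, -1 when the index is out of range. */
int ex1_checked(size_t index, int *out) {
    int array[5] = {1, 2, 3, 4, 5};
    return read_element(array, ARRAY_LEN(array), index, out) ? 0 : -1;
}

int main(void) {
    int value;
    /* Walk indices 0..5: the first five succeed, index 5 is rejected. */
    for (size_t i = 0; i <= 5; i++) {
        if (ex1_checked(i, &value) == 0)
            printf("array[%zu] = %d\n", i, value);
        else
            printf("array[%zu]: index out of range (length 5)\n", i);
    }
    return 0;
}
```

The unchecked original compiles without complaint under a plain gcc invocation; compiling with -Wall (which enables -Warray-bounds at -O2) or with -fsanitize=address makes the out-of-range read visible at compile time or at run time respectively, which is a useful habit when the "huge program" the lab describes is the one being reviewed.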

//ex2.c

int main () {
    int array[5]={1,2,3,4,5};
    int i;
    for (i=0; i ................