CSE443 - Project #2 - Overflows

Due Date: Th February 23, 2012, 11:59pm.

This assignment explores a variety of different types of "overflows" in C programs to learn the mechanics of such attacks.

Follow these instructions:

  1. Obtain the tarfile from here.

  2. Unpack the tarfile in some appropriate directory on a UNIX system (there are many available at CSE -- see Notes below). You will only need this code and access to a debugger, such as GDB.

  3. Your task is to complete four (4) programs: (1) cse443-data-attack.c; (2) cse443-fn-attack.c; (3) cse443-buf-attack.c; and (4) cse443-heap-attack.c. There are comments in the files to guide you to implement the proper functionality. The techniques required build from (1) to (4) (although there is also some conceptual overlap), so you should do them in order.

  4. All the attacks will be launched against functions in the program in the file cse443-file-victim.c. There are functions data_victim, function_victim, buffer_victim, and heap_victim. These functions correspond to the similarly named program files above. The goal is to configure the attack programs to produce a buffer that when read by the victim will produce overflows in the corresponding functions. The expected attack behaviors in each case are described below.

  5. The following tasks must be completed on the machine schuylkill.cse.psu.edu. Since attacks are quite system-specific, we will test your attacks on this one system.

  6. Each of these attacks must result in the opening of a new shell (i.e., you should see a shell prompt). If you exit the shell, the likely result is a segfault, so do not worry about that. I want to see that all these attacks work on schuylkill.

  7. When you have completed the code, test it on schuylkill to verify its result. I will provide a drop box for submitting this project. The project is due on Th February 23 at 11:59pm. Please attach a tar file containing all the source, including your additions. You can build this tar file using the command make tar from the source directory.

Notes

  1. You are to complete this on your own. Any sharing of code or help during the coding of this project is expressly forbidden. Do not discuss this project with anyone.

  2. A Makefile has been created to help you build the applications. To build the victim, simply type "make file-victim" in the target directory. Do not modify the file-victim program.

Documentation

To perform this project, you will have to become familiar with the use of the GNU Debugger GDB. Also, some useful background for overflow attacks is provided at this site. Later, I will present how to find the return address using GDB in class.

Questions

  1. Why must the values of OVERFLOW_SIZE get progressively smaller from the first attack (data) to the last (heap)?

  2. What functions are used in file-victim to cause the overflows? Why do these cause overflow problems?

  3. Without adding bounds checking for buf or changing languages, how could you prevent the buffer overflow attack (i.e., provide a system solution)?


Trent Jaeger
Last modified: Seb 20 06:43:07 EST 2010