Lab 4: Format String Vulnerability

Lab Overview

The goal for this lab is for you to gain first-hand experience with format-string vulnerabilities by putting what you have learned about the vulnerability in class into action. The format-string vulnerability is caused by code like printf(user_input), where the contents of the variable user_input are provided by users. When this program is run with privilege (e.g., as a Set-UID program), this printf statement becomes dangerous because it can lead to one of the following consequences: (1) a crash of the program, (2) a read from an arbitrary memory location, and (3) modification of values at an arbitrary memory location. The last consequence is of course dangerous because it can allow users to modify internal variables of a privileged program, thus changing its behavior. In this lab, you will be given a program with a format-string vulnerability; your task is to develop a scheme to exploit the vulnerability. In addition to the attacks, you will be guided through protection schemes that can be used to defeat this type of attack. You will need to evaluate whether the schemes work or not and explain why.
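The following is an added example, not the lab's own program and not code from the course author, that places the vulnerable pattern described above next to its hardened form. The function names `echo_vulnerable`, `render_fixed` and `has_format_directive` are hypothetical, and the sample input in `main` is constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example; not the lab's program. Function names are hypothetical.
 * Contrasts the vulnerable pattern the lab describes (user input used as the
 * format string) with the hardened form (fixed format string, user input
 * passed only as an argument).
 */

/* Vulnerable: user_input is interpreted as the format string, so any %x, %s
 * or %n it contains is acted on by printf. Kept here only for comparison;
 * it is never called with untrusted data in this example. */
void echo_vulnerable(const char *user_input)
{
    printf(user_input);
}

/* Hardened: the format string is a compile-time constant, so the bytes of
 * user_input can only be copied, never interpreted as directives.
 * Writes into out (NUL-terminated, truncated to out_size) and returns the
 * length of user_input, which is snprintf's would-have-written count. */
int render_fixed(char *out, size_t out_size, const char *user_input)
{
    return snprintf(out, out_size, "%s", user_input);
}

/* Defender-side check: returns 1 if s contains a conversion directive
 * (a '%' not immediately followed by another '%'), else 0. Handy in a test
 * harness or input filter when auditing whether data that reaches a
 * printf-family call could be interpreted as a format. A "%%" pair is a
 * literal percent sign and is skipped. */
int has_format_directive(const char *s)
{
    for (; *s != '\0'; s++) {
        if (*s == '%') {
            if (s[1] == '%') {
                s++;          /* skip the escaped pair */
                continue;
            }
            return 1;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed sample input of the kind this lab has you craft. */
    const char *input = "user text %x %x %n";
    char out[128];

    int n = render_fixed(out, sizeof out, input);
    printf("rendered verbatim (%d bytes): %s\n", n, out);
    printf("contains directive: %d\n", has_format_directive(input));
    printf("contains directive: %d\n", has_format_directive("100%% done"));
    return 0;
}
```

With the fixed format string, the directives in the input come out as plain text; nothing is read from or written to the stack. GCC's `-Wformat -Wformat-security` reports the `printf(user_input)` form at compile time, which is a cheap check to enable when auditing the lab's program for this class of defect.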

Lab Description

Please find the lab description here. The variable DUMMY_SIZE for this lab should be set to 44.

Handin

Please write your lab report according to the description. Please also list the important code snippets, each followed by your explanation. You will not receive credit if you simply attach code without any explanation. Upload your answers as a PDF to Blackboard. You must turn this in by Thursday 2/6 11:59 PM.

Suggested Reading

Acknowledgements

Most content taken from Wenliang Du.

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. A human-readable summary of (and not a substitute for) the license is the following: You are free to copy and redistribute the material in any medium or format. You must give appropriate credit. If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original. You may not use the material for commercial purposes.