Engineering LibreTexts

15.5: Exercises


    Below are some quiz questions and suggested projects based on this chapter.

    Questions

    Below are some quiz questions based on this chapter.

    1) When a stack buffer overflow is caused deliberately as part of an attack, it is referred to as what?

    2) What does it mean when a C function is considered unsafe?

    3) Is a program that reads user input still vulnerable if the input buffer is sufficiently large (e.g., >1024 bytes)?

    4) How might an attacker determine if an interactive program is vulnerable to a buffer overflow attack?

    5) What is a “NOP slide”?

    6) The text example injected code to open a new shell. Provide at least one different idea for injected code that would cause problems.

    7) Name three techniques designed to prevent stack buffer overflow attacks.

    Suggested Projects

    Below are some suggested projects based on this chapter.

    1) Implement the second example program fragment to open a new shell. Use the debugger to execute the program and display the final results. Execute the program without the debugger and verify that a new shell is opened.

    2) Implement the console input program from Chapter 13. Remove the code for the buffer size check. Execute the program without the debugger and ensure the appropriate input is read and that the output is displayed to the console. Verify that entering too many characters will crash the program.

    3) Using the program from the previous question and the program fragment to open a shell, attempt to inject the code into the running program. In order to save time, print the value of the rsp at an appropriate location to make guessing the target address significantly easier.


    This page titled 15.5: Exercises is shared under a CC BY-NC-SA license and was authored, remixed, and/or curated by Ed Jorgensen.
