SUID Programming Part 2 - Due before class October 2nd

Your task is to examine the other programs on mclovin and attempt to break their security. You may also attack your own program.

Your first task is to configure and test your program yourself. You should add five accounts and passwords to your program. Three of these you get to choose; the other two must be:

  • User: clay      Password: swordfish
  • User: AzureDiamond      Password: hunter2

Once you have set this up, you can run the script:

~clay/check-files.pl

in the directory where your code and executable are. It will do some simple tests and change permissions. It may not find all your source files correctly, but it should be a start to checking common things.

Once you have set it up, your goal is to try and find a way to use the suid programs so that you know the contents of the text files. Here is how I suggest you approach this task:

  • First, test each program and make sure it is configured correctly and that the given user names and passwords work correctly. If not, let me know.
  • Second, look through the source code to see what you can affect by providing input to the program. Test and see if any of the data structures that take input or otherwise work with user-provided input can be overflowed or otherwise corrupted. If so, see if you can make the program crash. This will help your grade. If you manage to complete a buffer overflow, despite the OS protections, you win.
  • Third, see if you can get the programs to read a file of your choosing instead of what the programmer expected. This can sometimes be done in programs that do not specify a full path to input files by creating an appropriate configuration file locally and then symlinking to the other needed files, then running the program from the current directory instead of the directory where it is located.
  • Fourth, see if any of the programs use non-standard crypto for password protection. If so, see if you can attack that, perhaps in combination with the file exploit above.
  • Fifth, see if you can use the logging mechanism to your advantage. If the log is written with the SUID still effective and you are able to redirect it, it may be possible to overwrite the .cfg or even the .txt file with something that you create.

You should test your methods to see if they actually work. If, during your testing, you accidentally break something, let me know so I can restore it.

Before class on the 2nd you should submit a Private Note on Piazza in the suid_reports folder. Like the reading responses, I will make them public when needed.

  • For each program, in sorted order from USER02303 to USERFC215, a description of how you attempted to break the security of the program, and if you were successful or not.
  • A brief description of how you would recommend the user change their program to avoid the methods you would use to break it, or other constructive comments.
  • These comments will be shared with the author of the program to help them improve their work. Be constructive, not destructive.
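
One recommendation that addresses both the file-redirection and the log-redirection routes in the third and fifth suggestions above, as an added example that is not part of the assignment or of any student's program. The helper name open_trusted, the demo.cfg file name and the /tmp scenario are assumptions made for illustration; in a real program the path would be a compiled-in absolute path.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a file a SUID program depends on. flags: O_RDONLY for the .cfg/.txt,
 * O_WRONLY | O_APPEND for the log. Returns a descriptor, or -1 on any failed check. */
int open_trusted(const char *path, int flags)
{
    struct stat st;
    /* Never resolve against the caller's cwd; never create or clobber a file here */
    if (path == NULL || path[0] != '/' || (flags & (O_CREAT | O_TRUNC)))
        return -1;
    /* O_NOFOLLOW: refuse if the final path component is a symlink */
    int fd = open(path, flags | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Check the descriptor, not the path, so check and use hit the same inode */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() ||                 /* must belong to the program's owner */
        (st.st_mode & (S_IWGRP | S_IWOTH))) {     /* nobody else may modify it */
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: a real file plus a symlink to it in a temp directory.
 * Bit 0: real file accepted; bit 1: symlink refused; bit 2: relative path refused. */
int demo(void)
{
    char dir[] = "/tmp/suid-demo-XXXXXX", real[64], sym[64];
    int r = 0, fd;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(real, sizeof real, "%s/demo.cfg", dir);
    snprintf(sym, sizeof sym, "%s/link.cfg", dir);
    fd = open(real, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || symlink(real, sym) != 0)
        return -1;
    close(fd);
    if ((fd = open_trusted(real, O_RDONLY)) >= 0) { r |= 1; close(fd); }
    if (open_trusted(sym, O_RDONLY) < 0) r |= 2;
    if (open_trusted("demo.cfg", O_RDONLY) < 0) r |= 4;
    unlink(sym); unlink(real); rmdir(dir);
    return r;
}
```

O_NOFOLLOW only guards the final path component, so the directories above the file must also be writable only by the program's owner.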