CS 443 Assignment #1

Due February 9, at the beginning of class.

This assignment must be done individually with no help from anyone else in the class or outside the class. You must write all code yourself, and you may not use any other code found on the Internet or elsewhere.

1. For question #1 only, use any reference materials, the Internet, or manuals to find this information. You may use any resource except asking another person.

   Identify the security measures against buffer overflow attacks found in the following operating systems. Describe each security measure and whether it can be turned on and off, or if it is always there. Identify which system you think is the best and which is the worst in terms of protecting memory on the stack. Answer for each of a-e below.

   a. Mac OS X Tiger (PowerPC) or Mac OS X Tiger (Intel)
   b. Red Hat Linux or Fedora Core Linux
   c. Debian or FreeBSD
   d. OpenBSD
   e. Windows XP or Vista

2. Write a program in C. The program should be interactive and ask the user to answer some question(s) on the keyboard. Alternatively, pick a different type of I/O, so the program can open a file or write to a socket, etc. Write your code so that there is a buffer overflow vulnerability. Try your best to hide the vulnerability so that someone analyzing your code would not see the vulnerability. Document the vulnerability in a short, external report.

   Turn in the program listing and the short report. Make sure to include a README file with all instructions and details about how to compile and run your code. Put everything on a CD to turn in to the TA. In addition, bring another CD with your program on it, but with no indication of how the program is vulnerable. Make sure your name is written on the outside of the CD.

   [ In Assignment #2, you will be given a program from another student in the class. Your job will be to find the exploit and write an exploit. ]

3. Write the exploit to your program. The exploit should create a shell with the permissions of the user account running the program. The exploit can be in the form of something entered into one of the interactive questions in the program or through a calling routine.

   Turn in the shell code for your exploit, a trace of a run of your exploit, and a short report documenting and explaining the theory behind your exploit and how it works. Be sure to describe the platform you used and any special settings you had to configure (e.g. turning off address randomization, etc.), if any.

Grading:

Question #1: 15 points
Question #2: 15 points
Question #3: 25 points
Total points: 55

-------------------

Some tidbits for generating shell code.

Compile your program with the -ggdb flag. Inside of gdb, type:

    disassemble main

Then, type x/bx main+4, and keep hitting return to see the hex values. Keep in mind that on some systems, you will need to account for different endianness.
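An added illustration of the endianness caveat above (not part of the original handout): x/bx lists bytes in memory order, while a word-sized read assembles them in the CPU's byte order, so the same four bytes read differently on PowerPC (big-endian) and Intel x86 (little-endian). The sample bytes and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 when the host stores the least significant byte first. */
int host_is_little_endian(void)
{
    const uint32_t probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* Format n bytes in memory order, the way a byte-wise dump (x/bx) lists them.
 * Returns the number of characters written; stops cleanly if out is too small. */
size_t format_bytes(const void *mem, size_t n, char *out, size_t outsz)
{
    const unsigned char *p = mem;
    size_t used = 0;
    if (outsz == 0)
        return 0;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        int w = snprintf(out + used, outsz - used, "%s0x%02x", i ? " " : "", p[i]);
        if (w < 0 || (size_t)w >= outsz - used) {
            out[used] = '\0';   /* drop the partially written item */
            break;
        }
        used += (size_t)w;
    }
    return used;
}

/* Assemble a 32-bit word from four bytes as a little- or big-endian CPU would. */
uint32_t word_from_bytes(const unsigned char b[4], int little_endian)
{
    if (little_endian)
        return (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
               ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8) | (uint32_t)b[3];
}

int main(void)
{
    const unsigned char sample[4] = { 0x11, 0x22, 0x33, 0x44 }; /* constructed */
    char line[64];
    format_bytes(sample, sizeof sample, line, sizeof line);
    printf("memory order:  %s\n", line);
    printf("little-endian: 0x%08x\n", (unsigned)word_from_bytes(sample, 1));
    printf("big-endian:    0x%08x\n", (unsigned)word_from_bytes(sample, 0));
    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    return 0;
}
```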