The take-home final is now available [also PDF]. It is due Tuesday, June 8th, 6pm (at the end of the scheduled final exam period).
Final Exam Clarifications:
Question 7: Give the necessary conditions....
Question 8: The code for mod_exp contains a minor bug. It should read:

    big_int mod_exp(big_int b, big_int e, big_int m)
    {
        int i;
        big_int y;
        big_int x = b; /* OMITTED EARLIER */

        for (i = 0, y = 1; i < MAXBITS && e != 0; i++, x = mod_mult(x,x,m), e = e / 2)
            if ((e % 2) == 1) y = mod_mult(y,x,m);
        return y;
    }
The initial handout is available in postscript [PDF].
You should turn in the write-up along with all of your source code. Do not include the original assn2.c source code, any executables or binary data. Turn in the assignment by email.
A list of preliminary bugs (accidentally released) is here. If you got the earlier version of the tar file, you should modify the Makefile to include -lsocket.
Your write-up should include an exhaustive list of the security vulnerabilities and design flaws, and describe in detail how you mounted your attack. Additionally, you should provide a new version of the RPC system which fixes all the security bugs that you identified.
Your Makefile (for Solaris) should include the line
    CFLAGS=-DDOUBLE_BYTE_ORDER=1 -DUSE_SIGSET
as well as the -lsocket -lnsl for the final linking step. Also, change the uses of mcopy in rpc.c to memcpy.
For those of you who are confused about the use of net_redir, you compile it by:
    cc -o net_redir net_redir.c -lsocket -lnsl
(The -lsocket -lnsl is needed only on Solaris.) And you run the server as:
    % ./server -p 6789 -v
in one window on a Solaris machine, say named beowulf, and then in another window -- on any machine, as long as you have compiled the client with the right byte-ordering conditional compilation directives -- you run the client as:
    % ./net_redir -s 6789@beowulf -d 3 -- ./client -v
The number 6789 in both the server and the client command lines is the TCP port number at which the service is located. (The -s flag allows you to use service names found in /etc/services as well.) The number that you use doesn't have to be 6789 -- as a matter of fact, since the server will fail to acquire that port number if somebody is already using it, you should probably choose your own. The only restriction other than its being unused is that it must also be above 1000, since the lower port numbers on Unix systems are reserved for use by system services.
To check whether your Solaris machine is configured so that the stack segment is not executable, run /home/bsy/exposed/stack_test.sun4. If it dumps core, then it doesn't allow execution from the stack; if it outputs a message, then you're okay. This is executable only from CSE machines and directly tries executing from the stack. If you're doing initial implementation elsewhere, you should scan through /etc/system for set noexec_user_stack = 1, which is the configuration entry that controls this.
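The /etc/system scan described above can be scripted. The following is an added example, not part of the course materials; the function names are hypothetical, and it assumes that lines beginning with `*` are comments and that a later `set` line overrides an earlier one.

```shell
#!/bin/sh
# Added example: report the effective noexec_user_stack setting found in
# a Solaris-style /etc/system file. Function names are hypothetical.
# Assumptions: lines starting with '*' are comments, and a later "set"
# line overrides an earlier one.

# Prints the last assigned value, "unset" if there is no assignment,
# or "unreadable" (status 2) if the file cannot be read.
noexec_stack_setting() {
    file=${1:-/etc/system}
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    awk '
        /^[ \t]*\*/ { next }    # skip commented-out entries
        {
            line = $0
            sub(/^[ \t]*/, "", line)
            # Require "=" right after the name so that the separate
            # noexec_user_stack_log tunable is not mistaken for it.
            if (line !~ /^set[ \t]+noexec_user_stack[ \t]*=/) next
            sub(/^set[ \t]+noexec_user_stack[ \t]*=[ \t]*/, "", line)
            sub(/[ \t]+$/, "", line)
            val = line
            found = 1
        }
        END { print (found ? val : "unset") }
    ' "$file"
}

# Status 0 only when the effective value is exactly 1 (the entry the
# page names), 1 when it is anything else or absent, 2 if unreadable.
stack_is_noexec() {
    v=$(noexec_stack_setting "$1") || return 2
    [ "$v" = "1" ]
}
```

Call `stack_is_noexec` with no argument to check /etc/system itself, or pass a path to check a copy of the file.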
Bennet maintains a list of Web resources relating to computer security, ranging from cryptography resources and system security testing tools to word compilations useful in eliminating easy-to-guess passwords. Some/most of these links are somewhat old.
bsy+cse227@cs.ucsd.edu, last updated