
Homework 2
Due Date: February 7, 2008
Total Points: 100
Problems
1. (12 points) text, §4.11, exercise 7.
2. (20 points) text, §18.6, exercise 1.
3. (20 points) text, §23.9, exercise 6.
4. (10 points) text, §5.8, exercise 2.
5. (38 points) This problem asks you to implement a buffer overflow attack on a program. In the Resources area of
SmartSite (or the Handout area of the nob.cs.ucdavis.edu class web site) is a program bad.c. This program
contains a buffer overflow vulnerability; see the call to gets() at line 13. Your job is to exploit the overflow by
providing input to the running process that will cause the program to invoke the function trap (which, you may
notice, is not called anywhere else). You will know you’ve succeeded when you run the program, give it your
input, and it prints “Gotcha!”
The following questions will help guide you. Please turn in your answers to them, a hex dump of the input you
use to call trap, and a typescript of you running the program bad, giving it your input, and showing its output.
a. What is the address of the function trap()? How did you determine this?
b. What is the address on the stack that your input must overwrite (please give both the address of the memory
location(s), and their contents)? How did you locate this address?
c. What is the address of buf?
d. What is the minimum length your sled must be? Remember, the sled is the input you give to alter the return
address stored on the stack.
Extra Credit Problems
6. (20 points) Augment your solution to problem 5 to execute code you place on the stack. Have the code do
something interesting, like create a shell. You will need to check that the loader will allow code on the stack to
be executed (the linker/loader switch -allow_stack_execute does this).
ECS 153, Computer Security, Winter Quarter 2008
Version of January 25, 2008 9:43 AM