The learning objective of this lab is for students to gain the first-hand
experience on buffer-overflow vulnerability by putting what they have learned
about the vulnerability from class into actions.
Buffer overflow is defined as the condition in which a program attempts to
write data beyond the boundaries of pre-allocated fixed length buffers. This
vulnerability can be utilized by a malicious user to alter the flow control of
the program, even execute arbitrary pieces of code. This vulnerability arises
due to the mixing of the storage for data (e.g. buffers) and the
storage for controls (e.g. return addresses): an overflow in the data part can
affect the control flow of the program, because an overflow can
change the return address.
Activities: Students are given a program that has the buffer-overflow problem, and they need to exploit the vulnerability to gain the root privilege. Moreover, students will experiment with several protection schemes that have been implemented in Linux, and evaluate their effectiveness.
Please give us your feedback on this lab using this feedback form. | |
The SEED Labs project is open source. If you are interested in contributing to this project, please check out our Github page: https://github.com/seed-labs/seed-labs. |