Using turnin, submit a directory containing
<filename>_fixed.c.
EXPLOITS.txt that describes how to execute your exploits.
Use 'turnin -c cs426 -p project1 <folder_with_code_&_report>' to submit. You may use 'turnin -v -c cs426 -p project1' to view submitted files.
Also turn in your responses to the questions for tasks 4 and 5 in PDF form to Gradescope!
For Part 1, you will be given programs containing several vulnerabilities. You are expected to identify as many vulnerabilities as you can. You should note the type of vulnerability and a brief description as a comment in the code, immediately following the line(s) where the vulnerability appears.
You are also expected to submit code that includes repairs for three of these vulnerabilities.
Finally, you should develop exploits for one of these vulnerabilities. This may involve crafted inputs, how you run the program, programs you write, etc.
For Part 2, you should follow the directions provided for each task in the task*-requirements.txt file.
Note that it may be difficult or impossible to exploit some of the vulnerabilities because of other protections imposed (e.g., by the hardware or operating systems). They should still be considered vulnerabilities.
The programs (source and binary, found in /homes/cs426/project1/ on departmental lab machines, e.g., data.cs.purdue.edu) are:
Grade lookup
Tasks 1-3 will be released immediately; tasks 4 and 5 are for week 2. We've also released a specialized execution environment that enables exploiting some vulnerabilities that are not exploitable on the lab machines directly (done as a virtual machine - the departmental lab machines are heavily protected, for obvious reasons). You may want to think about exploits for these programs even if your exploit attempts fail because of OS protections, as once we provide a less protected execution environment you may find that your exploits succeed.