$2.$ The least$-$privilege principle can be used to effectively defend against the race condition attacks discussed in this chapter. Can we use the same principle to defeat

buffer$-$overflow

attacks? Why or why not? Namely, before executing the vulnerable function, we

disable

the root privilege; after the vulnerable function returns, we enable the privilege

back.

Does the following privileged Set$-$UID program have a race condition

problem? If

so$,$ where is the attack window? Please also describe how you would exploit this

race

condition window.

Please explain why using secure getenv$()$ is better than using getenv$().$

Format String Vulnerability

Both buffer$-$overflow and format$-$string vulnerabilities can lead to the

modification of

the return address field, but the ways how the field is modified are different in

these two

attacks. Please describe their difference, and comment on which one is less

restricted.

Can we use the StackGuard idea to protected against format$-$string attacks?

When $pr{\displaystyle \underset{\phantom{}}{\overset{\phantom{}}{}}}f(fmt)$ is executed, the stack $($from low address to high address$)$

contains

the following values $(4$ bytes each$),$ where the first number is the content of the

variable

fmt$,$ which is a pointer pointing to a format string. If you can decide the content

of the

format string, what is the smallest number of format specifiers that you can use

crash the

program with a $100$ percent probability?

OXAABBCCDD, OXAABBDDFF, $0$x$22334455,0$x$00000000,0$x$99663322$

Bob says that he never uses any environment variable in his code, so he

does not need to

worry about any security problem caused by environment variables. Is he

correct?

When we debug a program, we can change the program's internal

variables during the

execution. This can change a program's behavior. Can we use this technique to

debug a Set$-$UID program and change its behavior? For example, if the program

is supposed to open the $/$tmp$/$xyz file, we can modify the filename string, so the

Set$-$UID program ends up opening $/$etc$/$passwd$.$