CSG254: Network Security

Practical Systems Security Lab

Lab Assignment 1: Part A.

Due date: January 25, 2005.

Important note: in the report of your assignment indicate what each team member did.

Students should form teams of 4 and choose a team name. Each team will be given a class C subnet (e.g. 192.168.10.0/24) and two computer systems at a workstation area in the network security laboratory that they will be responsible for. Please read this entire assignment, including the notes at the bottom, before beginning.

For this week’s assignment, each team will be asked to perform the following:

    Linux System Setup:

    On one of the team systems, install RedHat Linux 9 (provided).
    When prompted, select server as the install type. When asked about a firewall, select "No firewall".
    Choose a hostname for the system and configure it to talk on the network using an IP address of your choice. Your default router will be 192.168.x.1.
    Elect to install the following services during the installation process:

    1. Install the X Window System and Gnome (you may select KDE if you prefer that environment over Gnome).
    2. Also check all of the options under Graphical Internet and Text-Based Internet. Check and go with the provided defaults under editors, server configuration tools, web server, mail server, windows file server, ftp server, sql server, network servers, development tools, administration tools, and server tools. Examine each section so that you understand what is being installed (sendmail, imap, mysql, telnet, finger, etc).
    3. Set up and start your web server and create a web root with team name on the web page.
    4. Set up and start your FTP server so that team members could (theoretically) update web pages remotely using FTP in a relatively secure way (for example, disable anonymous access and restrict logins to the team accounts; keep in mind that FTP itself sends passwords in the clear).
    5. Create two additional user-level accounts on the system: class and teacher. Send the passwords (you choose) for these accounts to TA via email, along with the IP address of the Linux system and the hostname you have chosen for the machine.

    Buffer Overflows

    1. Get a copy of lowercase.c on to your linux system and examine the code. This program is a simple UNIX utility that will accept a string involving both upper and lower case characters from the command line and return that string converted entirely to lower case characters. Does the program have any internal buffers? Does it do any input length checking? Describe what seems, at first glance, to be unsafe. Provide comments on a line-by-line basis.
    2. Compile lowercase.c with the -g debugging option (gcc -g -o lowercase lowercase.c) and install it setuid root to /usr/local/bin. Run lowercase, and find a string input that will cause it to segfault. Why does this happen?
    3. Examine the lowercase binary in gdb. Set a breakpoint, run to that line, and find the memory address of the buf variable (print &buf). Now finish running the program. When it looks for input use the overflow string you used before (make sure it is the same length and content). Record the warning that gdb gave you for the return address. After the segfault is generated in gdb, use ‘info registers’ to look at the current values of the registers. What is significant about the value of the instruction pointer? (Assuming your overflow was of the appropriate length)
    4. What was the length of the string that was required to get this far? What is the significance of it being greater than the actual buffer size itself? Think in terms of the stack. NOTE: should be 524 characters (12 greater than 512)
    5. Given the environment that the utility is installed in, and the behavior of the stack that you observe, craft a local exploit that allows you to gain superuser privileges. Use the provided shell code in shellcode.txt. You may use Aleph1’s “Smashing The Stack For Fun and Profit” paper as a tutorial/reference to help you achieve your goal, but please submit source code for your exploit that has comments on every line demonstrating that you understand how this works. Points will be deducted for less than thorough explanations. Also include a diagram of how the stack is affected by such an exploit and any output that you generate.
    6. How would you modify the lowercase program to make it safe from buffer overflow attacks?
    7. Describe the dangers of installing an application as suid root. What does this mean? Obviously, our example application doesn’t need to be run in this fashion, but many applications require these permissions for various reasons. Discuss why a game with a saved highscores file might be run as suid root and how you might make this more secure while providing the same functionality.
    8. Learn about chroot jails, as an alternative to the solution you proposed above, and how you might use them to mitigate similar security hazards. Give a brief summary of when it might be advantageous to use them.
    9. Describe, and give a reference to, a recent (within the last year) exploit that uses a buffer overflow attack to get access to a networked machine.
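Item 6 asks how lowercase.c could be made safe. The following is an added example, not the course's lowercase.c (which is not reproduced here). It assumes only the shape of the utility described in items 1 to 4: a 512-byte stack buffer filled from the command-line argument with no length check. lower_unsafe shows that pattern; lower_safe is the bounded version, which takes the destination size from the caller, checks the length before copying anything, and reports an over-long input instead of silently overflowing or truncating. The function names, BUF_SIZE and the usage message are this example's own.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 512   /* assumed size of the utility's internal buffer (example value) */

/* Vulnerable pattern (assumed shape of the utility, NOT the course's lowercase.c):
 * strcpy() copies until it meets a NUL byte, so an argument longer than 511
 * characters runs past buf into the saved frame pointer and return address. */
void lower_unsafe(const char *arg)
{
    char buf[BUF_SIZE];
    strcpy(buf, arg);                 /* no length check: this is the bug */
    for (char *p = buf; *p; p++)
        *p = (char)tolower((unsigned char)*p);
    puts(buf);
}

/* Hardened version: the caller supplies the destination and its size, the
 * length is checked before a single byte is copied, and an input that does
 * not fit is refused. Returns 0 on success, -1 if the input does not fit. */
int lower_safe(const char *arg, char *out, size_t outsz)
{
    if (arg == NULL || out == NULL || outsz == 0)
        return -1;
    size_t len = strlen(arg);
    if (len >= outsz) {               /* need one byte left for the NUL */
        out[0] = '\0';
        return -1;
    }
    for (size_t i = 0; i < len; i++)
        out[i] = (char)tolower((unsigned char)arg[i]);
    out[len] = '\0';
    return 0;
}

int main(int argc, char **argv)
{
    char out[BUF_SIZE];
    if (argc != 2) {
        fprintf(stderr, "usage: %s STRING\n", argv[0]);
        return 2;
    }
    if (lower_safe(argv[1], out, sizeof out) != 0) {
        fprintf(stderr, "input longer than %d characters, refusing\n", BUF_SIZE - 1);
        return 1;
    }
    puts(out);
    return 0;
}
```

Run it with a 600-character argument and it exits with an error instead of crashing; the same input against the unsafe pattern is exactly the segfault from item 2. The check is "len >= outsz", not "len > outsz", because the terminating NUL also needs a byte.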
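For items 7 and 8, an added example (not part of the assignment or of lowercase.c) of the two mitigations they ask about: do the single privileged operation first, then drop privileges irreversibly while checking every return value, and enter a chroot the right way (chroot, then chdir into it, then lose root, since a root process can escape a chroot). HIGHSCORE_PATH, the function names and the sample score line are assumptions of this example. For the high-score case the usual design is to build the game setgid to a dedicated "games" group that owns the score file instead of setuid root, so a compromise yields only that group's rights; the code below is written for the setuid-root case and drops to the invoking user, but the same shape applies.

```c
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define HIGHSCORE_PATH "/var/games/example.hs"   /* hypothetical path for this example */

/* Permanently drop to the given uid/gid. Order matters: supplementary groups
 * and the primary gid first (both need root), the uid last (after it we are
 * no longer root). Every return value is checked: an ignored failing
 * setuid() is a classic way to keep running as root by accident.
 * Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (getuid() == 0 || geteuid() == 0) {
        /* only root may change the supplementary group list */
        if (setgroups(0, NULL) != 0)
            return -1;
    }
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify the drop is irreversible: if root can be regained, the drop was
     * only temporary and must be treated as a failure. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* chroot() alone is not a jail: the process must also chdir() into the new
 * root (otherwise "." still points outside it) and must then give up root.
 * Requires root to call. Returns 0 on success, -1 on failure. */
int enter_jail(const char *dir)
{
    if (chroot(dir) != 0)
        return -1;
    if (chdir("/") != 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Step 1: the one privileged thing, done while still privileged: open the
     * file ordinary users must not be able to write directly. */
    int fd = open(HIGHSCORE_PATH, O_WRONLY | O_APPEND);
    if (fd < 0)
        perror("open highscore file (expected unless it exists)");

    /* Step 2 (optional, root only): confine the filesystem view to argv[1]. */
    if (argc > 1 && enter_jail(argv[1]) != 0)
        perror("enter_jail");

    /* Step 3: drop back to the invoking user. The open descriptor survives the
     * drop, so the score can still be appended, but everything else now runs
     * unprivileged. On failure, abort rather than continue as root. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed, aborting\n");
        return 1;
    }

    if (fd >= 0) {
        const char line[] = "player 1000\n";   /* constructed sample score */
        if (write(fd, line, sizeof line - 1) < 0)
            perror("write");
        close(fd);
    }
    printf("now running as uid %d euid %d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

Run unprivileged, the program simply confirms it is still the invoking user; installed setuid root, the window in which it is root is the open() call only, and the setuid(0) probe after the drop is what catches a drop that did not really stick.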

IMPORTANT NOTE 1: Do NOT install service packs, patches, firewalls, or any other software/service that is not explicitly noted in this homework during the installation process or otherwise.

IMPORTANT NOTE 2: When choosing IP addresses, don’t choose .2 and .3. Please choose random numbers on your given subnet (this will be important later, for learning about network scans and probes).

IMPORTANT NOTE 3: The 3 Red Hat install CDs are in the TA's section. Please put them back there when you are done with them.