Prompt for "Smashing the Stack for Fun and Profit"
Due on Wednesday, October 27 by 11:59pm
Write a technical paper review, and in your discussion, please address the following questions.
- What security guarantees does this attack violate? Start by thinking about what guarantees a programming language might provide.
- The paper shows
example1.c
’s assembly output for making a call tofunction
on an x86 instruction set architecture. In this class, we will be using Raspberry Pi Zero computers which use the ARMv6 instruction set architecture. Follow Aleph One’s example and produce assembly output forexample1.c
on your Raspberry Pi. Can you find the equivalent ARM instructions that callfunction
? Refer to the ARM instruction summary to find the meaning of ARM instruction mnemonics, and the ARM calling standard for register names. - This attack concerns itself with stack-based buffer overflows. Do you think that overflowing heap-allocated buffers can lead to the same results? Why or why not?
Turn-in instructions: commit your response to your reading responses Github repository. Please use the LaTeX template supplied in your repository. Be sure to turn in both your source .tex
file and a compiled .pdf
file.
You can generate a PDF from the template with the command:
$ pdflatex reading05.tex_Please_ be sure to name your generated PDF `reading05.pdf`. You will need to install TeXLive on your personal computer to build LaTeX documents: macOS, Windows, Linux. CS Lab machines already have TeXLive installed.