Software Security Readings
These readings will help you recall and develop skills from CS240 for Checkpoint 0
C Strings, Buffers, Pointers
Simon Tatham, "The Descent to C" (note especially the section on Strings)
http://cslibrary.stanford.edu/106/ and companion video https://www.youtube.com/watch?v=6pmWojisM_E
Stacks and Calling Conventions
GDB
Cheatsheet of GDB commands: https://darkdust.net/files/GDB%20Cheat%20Sheet.pdf
This 7-minute video shows how to use some more advanced commands, including the watch command (which tells you when a variable changes value) and how to step backwards through a program: https://www.youtube.com/watch?v=Yq6XFl-u00o
This series of videos covers a variety of features of GCC: https://www.youtube.com/watch?v=5yZIFmplXsw&list=PLMbKVy-fuVKF0iopxoNRvhE86xYWZz9-C
Fun
This one is just optional fun - weird memory attacks against classic video games: https://digg.com/video/the-super-mario-bros-3-world-speedrun-record-in-three-minutes
These readings are intended to help you remember the skills (which you may have studied in CS240) that you'll need to start working on the software security lab, such as:
Writing, compiling, and running C programs
Using POSIX exec to execute other programs and pass them arguments
Understanding what happens to a process when it invokes exec
Manipulating strings and buffers:
Setting specific bits, bytes, and values in a variable or buffer
Getting endianness right, and/or using casting to let C help you get it right
Using string manipulation functions, including their relationship to null termination
Describing and drawing memory diagrams of the stack
Explaining the large-scale layout of memory (text, heap, stack)
Using cgdb to:
Step through a program at a statement, function, or instruction level
Examine the stack, including flow control information
Print the values and memory addresses of locals, program arguments, function arguments, buffers, etc.
Disassemble code to inspect the machine instructions which are being executed
Explaining what happens when you call a function in C
Describing the calling convention used by the targets in the lab
Describing how variable argument functions work in C
These readings will help you with the actual exploits
Buffer overflows:
Aleph One, "Smashing the Stack for Fun and Profit" - this is a classic (1996) account and tutorial for buffer overflows. The setup (x86, no ASLR, etc.) running on our server is reminiscent of the setup of modern computers in 1996. Optional but quite interesting, and might even help.
Format string vulnerabilities:
http://www.cis.syr.edu/~wedu/Teaching/cis643/LectureNotes_New/Format_String.pdf
Really nice explanation of format string vulns from Maryland: https://www.youtube.com/watch?v=8dcUkJYn-Mk
Malloc and double-free:
Variadic (variable argument) functions:
https://www.rpi.edu/dept/cis/software/g77-mingw32/include/stdarg.h (A possible implementation of stdarg.h, which you will need to use to build your variable argument function)