Rice University logo
Top blue bar image Comp327: Introduction to Computer Security
Blog and homepage for Rice's Comp327

Archive for April, 2012

Grading Criteria for HW6

Sunday, April 22nd, 2012

No report is required for turn-in, but please tell me who is in your group and the way that work was distributed.
Below is how I will grade each groups homework:

1) For each solution, I will start from scratch (e.g. make clean)

2) After I run solution #1, I will examine the log file and the users directory to see that you created a valid user.

3) After I run solution #2, I will examine the log file and the users directory to see that you created a valid users.  Your code should perform the following actions:
a) enumerate whether these users exist in the application or not
b) use writeArticle to write arbitrary passwords into each existing user’s password as an authenticated user

You should include users you know will and will not exist in the application in your exploit, as this will be the most precise demonstration that your tool meets the grading criteria.

4)  After I run solution #3 and/or #4, I will try to connect to the remote port that the shell code binded too.  Then I will connect to the port and type:
‘ls’, ‘whoami’, and ‘date’.
I will read your code and comments to figure out how to run the exploit.  If I can’t figure out your exploit or get it to run, you will not get credit for the problem.  Be very verbose in your comments and instructions about how to run the code.

HW5 Write-ups Graded

Tuesday, April 17th, 2012

If you want your grades and comments for HW 5, please drop by the TAs office today before 4p.  Otherwise they will be available to you at the end of class on Thursday.  No grades will be sent out for this assignment.  Thanks.

Office hours rescheduled

Sunday, April 15th, 2012

The TAs office hours will not be held at the normal time tomorrow.  They will be held after class tomorrow.

Reminder: Class on Monday

Thursday, April 12th, 2012

Just a friendly reminder that class will be held on Monday of next week.  The place is Keck 101 at 3:00-4:30pm.  Thanks.

HW 6: Exploiting the bad code

Monday, April 9th, 2012

HW 6: Exploiting the bad code is now assigned.  Before you get started, there are a couple of points:
1)  This is the first time this assignment has been used, so please make sure you email the TA if you have problems getting started or you get stuck on a problem.
2)  Everyone must work in a group of 2 or more, no exceptions.
3)  The required environment for this assignment is a 32-bit Linux system.
4)  Please read the instructions carefully before emailing the TA.
5) Do not hesitate to ask for guidance.