Syracuse University
Vulnerability Lab
Overview
In this project, you are required to analyze the security vulnerabilities of the minix operating system, identify the security hole, try to exploit these security vulnerabilities to implement the attack to the system, and hopefully, fix these vulnerabilities.
You are given a lot of small individual attacks, and you should implement them separately. You will need to demonstrate how you implement these attacks to TA.
Here
are the security vulnerabilities & attacks that you may consider.
You are not expected to implement all the attacks, but should implement
at least four of them. Two attacks are required (either group A or
group B), and two attacks can be your optional choices. If you
implement more than four attacks, those additional attacks will be
given bonus points. Please
refer to each individual attacks for the specific attack. In your
report, you should specify what tactic you have tried to implement
these attacks, and please identify the techniques that may help to fix
the problems.Requirement
Required
Attacks:
Group A: Attack
1: Race
condition attack
Attack 2: "su" Setuid
program attack
Group B: Attack
3: stdio
Attack
Attack 4: Set
Path Attack
Optional
Attacks:
Attack 5: Elvis
Temporary File Attack
Attack 6: Passwd
attack
Attack 7: do_path
Kernel Attack
Attack 8: Coredump
Temporary File Attack