Attack 8: Coredump Attack

Overview

Core dump systems allow the state of a machine to be saved at crash time for later analysis. Often, a core dump system will write relevant data, a core image, to a swap partition at crash time. The core image is called core and is written in the process's working directory. The core file contains all the process information pertinent to debugging: contents of hardware registers, process status, and process data. Using crash dumps as a debugging facility greatly reduces the time developers and users need to determine the cause of a kernel fault.

Some old systems create the core file in the current directory without checking whether the file already exists, always using the same name, coredump. This vulnerability allows system files to be corrupted by any user.

The goal of this project is to corrupt a system file, such as /etc/passwd, by exploiting this vulnerability.
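The missing existence check described above is what a fix has to restore. The following is an added example, not code from the course materials or from Minix's signal.c: a user-space POSIX sketch in which the helper names open_core_safely and dump_core and the sample image are assumptions made for illustration.

```c
/* Added example: hardened core-file creation (hypothetical helpers). */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern the text describes, for contrast (not compiled):
 *     fd = open("core", O_WRONLY | O_CREAT | O_TRUNC, 0777);
 * Whatever is already named "core" gets truncated and overwritten. */

/* Create the dump file only if the name is unused.
 * Returns an open fd, or -1 with errno set (EEXIST if the name is taken). */
int open_core_safely(const char *path)
{
    struct stat st;
    /* O_EXCL fails on any existing entry and does not follow a symbolic
     * link in the final component; 0600 keeps the image owner-only. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    /* Defence in depth: a fresh regular file with exactly one name. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Write a (constructed) core image; 0 on success, -1 if refused or short. */
int dump_core(const char *path, const void *image, size_t len)
{
    int fd = open_core_safely(path);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, image, len);
    close(fd);
    return n == (ssize_t)len ? 0 : -1;
}

int main(void)
{
    const char image[] = "constructed core image";  /* sample data */
    if (dump_core("core", image, sizeof image - 1) != 0)
        printf("core not written: %s\n", strerror(errno));
    return 0;
}
```

Refusing to dump when the name is taken loses that one core image but leaves the existing file untouched, which is the trade-off a report on the fix should state.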


Project Requirements

We want to see a working demonstration of your exploitable implementation. (Note: if all the requirements are not satisfied, grades will be based on what you turn in.)

(1)    Implement a simple program that causes a coredump.
(2)    Implement attack procedures to show how you can take advantage of this vulnerability to corrupt files which you are not allowed to access.
(3)    Give a solution in your report for how to eliminate or fix the vulnerability. (You need not implement this solution.)

 


Preparing for the project

Download attack8.tar from the website and save it in your smx/ directory.
Execute the following steps:

    apollo 100: cd /home/seed/ecslogin_id/smx
    apollo 101: tar xvf attack8.tar
    apollo 102: cp signal.c src/mm/signal.c

    apollo 103: cd src/mm
    apollo 104: make
    apollo 105: cd ../tools
    apollo 106: minix

    Solaris-Minix  Release 2.0 Version 0
    noname login: normal_user        (suppose your user id is normal_user)
    Password: *****
    $ Begin your work



Submission & Demonstration

You are expected to submit a hardcopy report of your attack. In your report, you should describe the procedures you used to implement the attacks, explain why you consider your attack successful, and state what procedure may help to fix the vulnerability.

Also, you will need to demonstrate your attacks to the TA.
Here is your demonstration schedule.


Helpful Documents

 Core Dump?

 Manual page for getpwent command

 What is set-UID

 SetUID FAQ

 Unix Shell Introduction

 Unix Shell Scripts   

 


Updated: 03/13/2005