[cs631apue] Test Cases and C Vulnerabilities
Charles Magyar IV
cmagyar at stevens.edu
Wed Sep 2 09:19:46 EDT 2020
Hi,
>From my quick research, it looks like gcc has a flag to detect stack smashing, which may be default. After work I'll try to reproduce the issue shown in the first link below and get back to you.
The third link has some stuff about string manipulation and other attacks. You may find it interesting, although you might already be familiar with most of it.
I'm quite interested in learning security as well, so if you find anything cool or have good references please share!
Cheers,
Charles
https://www.thegeekstuff.com/2013/02/stack-smashing-attacks-gcc/
https://wiki.osdev.org/Stack_Smashing_Protector
http://www.sis.pitt.edu/jjoshi/courses/IS2620/Spring07/Lecture3.pdf
________________________________
From: cs631apue-bounces at lists.stevens.edu <cs631apue-bounces at lists.stevens.edu> on behalf of Liam Brew <lbrew at stevens.edu>
Sent: Tuesday, September 1, 2020 9:05 AM
To: cs631apue at lists.stevens.edu <cs631apue at lists.stevens.edu>
Subject: [cs631apue] Test Cases and C Vulnerabilities
Hello all,
It was nice to meet everyone yesterday. I’m looking forward to a good semester together. As this is my first course that deals primarily with C, I was wondering how this language’s code is typically evaluated in an academic setting. While I assume test cases such as erroneous inputs are very likely, I’m not sure about more malicious ones such as stack smashing/overflows, string manipulations, and so on. If anyone can chime in with their experiences, maybe we can compile a solid list of cases to consider so that there are less surprises grading-wise.
Thanks! See you soon.
-----------------------
Very respectfully,
Liam Brew<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Flbrew%2F&data=02%7C01%7Ccmagyar%40stevens.edu%7C7ff8742070124753afe208d84e90d2cb%7C8d1a69ec03b54345ae21dad112f5fb4f%7C0%7C0%7C637345731247989854&sdata=DDrLiPvJ7zZwlpMMTl8FtgiN4X%2FHSnA7MWIZd%2Fs0PEI%3D&reserved=0>
B.E. Software Engineering 2021
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.stevens.edu/pipermail/cs631apue/attachments/20200902/1dc5a53a/attachment.html>
More information about the cs631apue
mailing list