University of Cincinnati

20-CS-6056 - Security Vulnerability Assessment
Electrical Engineering & Computer Science

Brownie points awarded so far
  Kurra     22
  Aleti     21
  Lingala     17
  Moon     14
  Reed     12
  Almeshari     12
  Scholtes     12
  Ghattmaraju     12
  Shah     12
  Washburn     12
  Singh     11
  Ulichi     11
  Balli     11
  Katta     11
  Davis     9
  Lindberg     9
  Best     9
  Blair     9
  Jedhe     9
  Tadiboyina     9
  Tuchfarber     8
  Tumler     6
  Greben     6
  Corsini     6
  Long     6
  Watson     6
  Bhimavarapu     6
  Buddi     6
  Korrapati     6
  Nallamothu     6
  Peddireddy     6
  Han     0
  Miller     0
  Samarasinghe     0
  Panchlothia     0
Brownie Questions (thanks Ryan)
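  1. Memory in C/C++ (4): Regarding access and requesting more: why is it that some data is overwritten but other data isn't? Example:
      #include <stdio.h>
      #include <stdlib.h>
      typedef struct { char str[20]; } Object;
      /* Print each byte: uppercase letters as characters, anything else as hex. */
      void print(char *str, Object *ptr) {
         int i;
         printf("%s: ",str);
         for (i=0 ; i < 20 ; i++)
            if (ptr->str[i] >= 'A' && ptr->str[i] <= 'Z')
               printf("%c ",ptr->str[i]);
            else
               printf("%x ",(unsigned char)ptr->str[i]);
         printf("\n");
      }
      int main () {
         int i;
         Object *obj2;
         Object *obj1 = (Object*)malloc(sizeof(Object));
         for (i=0 ; i < 20 ; i++) obj1->str[i] = 'A'+i;
         /* The listing is cut off on the page; the print and free calls here are
            inferred from the output below and from the mention of free(obj1). */
         print("obj1", obj1);
         free(obj1);
         obj2 = (Object*)malloc(sizeof(Object));
         print("obj2", obj2);
         print("obj1", obj1);   /* deliberate read through the freed pointer */
         print("obj1", obj1);
         return 0;
      }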
    gives the following output
      obj1: A B C D E F G H I J K L M N O P Q R S T
      obj2: 0 0 0 0 0 0 0 0 I J K L M N O P Q R S T
      obj1: 0 0 0 0 0 0 0 0 I J K L M N O P Q R S T
      obj1: 0 0 0 0 0 0 0 0 I J K L M N O P Q R S T
    Could it be that the 0s up front somehow signify that this malloced block has been freed? Doing free(obj1) for the second time gives this:
    *** Error in `freetest': double free or corruption (fasttop): 0x0...0 ***
    Note: using delete instead of free gives the same result.

  2. Does the program you're attacking need to be running as root in order for you to access/execute library functions? (5) More specifically, does a call to a function in libc get executed as root or as user?

  3. I am not sure what this is in regards to but I am posting it in case someone else knows - JVF

    Standard procedures for web server processes. Do they start/stop web server processes constantly? Or are web server processes always running, therefore allowing an attacker plenty of time to snoop around and figure out info relevant to their attack? We also mentioned that some processes have an auto-restart when they detect someone is tampering with them.

  4. GCC/G++ compilation default protections.

    I can't recall the question - but giving a complete list of default protections is worth (3) brownies. -JVF

  5. SEEH - No idea what the acronym means at this point. (2)

  6. Is it possible to artificially create access check delays when dealing with time-sensitive checks/accesses? For an example: (5) brownies.

  7. A complete explanation of the vulnerability (so everyone is quite sure of the explanation) of type-5.c: (2) brownies

  8. Whether adding a constructor to (in Other Vulnerabilities) can override the authorization check in BankOperations has been answered negatively by Jonah Back.

  9. Whether programming Java to act like an immutable language has a performance impact. (2-5) brownies depending on the quality of the answer.