Lab 1 - UID and Environ variables .pdf - CS 421 Information Security Lab 1 CS 421 Information Security Laboratory Environment Variable and Set-UID

Lab 1 - UID and Environ variables .pdf - CS 421 Information...

This preview shows page 1 - 3 out of 12 pages.

CS 421 Information Security Lab 1 Page 1 of 12 CS 421 - Information Security Laboratory Environment Variable and Set-UID Program Lab: 1. In this lab, students will understand How environment variables work? How they are propagated from parent process to child? How they affect system/program behaviors? This lab particularly oriented in how environment variables affect the behavior of Set-UID programs, which are usually privileged programs. Table of Contents Overview ................................................................................................................................ 1 Task 1: Manipulating environment variables .......................................................................... 2 Task 2: Inheriting environment variables from parents ........................................................... 2 Task 3: Environment variables and execve() ........................................................................... 4 Task 4: Environment variables and system() ........................................................................... 4 Task 5: Environment variable and Set-UID Programs .............................................................. 5 Task 6: The PATH Environment variable and Set-UID Programs .............................................. 6 Task 7: The LD PRELOAD environment variable and Set-UID Programs ................................... 7 Task 8: Invoking external programs using system() versus execve() ........................................ 9 Task 9: Capability Leaking ..................................................................................................... 11 Submission ............................................................................................................................ 12 Overview On September 24, 2014, a severe vulnerability in Bash was identified. Nicknamed Shellshock, this vulnerability can exploit many systems and be launched either remotely or from a local machine. In this lab, students need to work on this attack, so they can understand the Shellshock vulnerability. The learning objective of this lab is for students to get a first-hand experience on this interesting attack, understand how it works, and think about the lessons that we can get out of this attack. This lab covers the following topics: • Shellshock • Environment variables • Function definition in Bash
Image of page 1

Subscribe to view the full document.

CS 421 Information Security Lab 1 Page 2 of 12 • Apache and CGI programs Lab environment. This lab has been tested on our pre-built Ubuntu 16.04 VM, which can be downloaded from the SEED website. . Download the June 2019 version of ubuntu 16.04 Lab Tasks Task 1: Manipulating environment variables In this task, Study the commands that can be used to set and unset environment variables. Here using Bash in the seed account. The default shell that a user uses is set in the /etc/passwd file (the last field of each entry). You can change this to another shell program using the command chsh (please do not do it for this lab). Please do the following tasks: Use printenv or env command to print out the environment variables. If you are interested in some particular environment variables, such as PWD, you can use Command: $ printenv PWD or $ env | grep PWD Use export and unset to set or unset environment variables. It should be noted that these two commands are not separate programs; they are two of the Bash’s internal commands (you will not be able to find them outside of Bash). Command: $ export foo=’test string’ $ printenv foo $ unset foo $ printenv foo Task 2: Inheriting environment variables from parents In this task, Study how environment variables are inherited by child processes from their parents.
Image of page 2
Image of page 3
  • Winter '17
  • student

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern

Ask Expert Tutors You can ask You can ask ( soon) You can ask (will expire )
Answers in as fast as 15 minutes