Assignment 2, due Feb 5

Always, on every assignment, please write your name legibly as it appears on your University ID and on the class list! All assignments will be due at the start of class on the day indicated (usually a Friday), and unless there is what insurance companies call "an act of God" - something outside your control; the only exceptions to this rule will be by advance arrangement.

1. Background: Some storage managers offer an interesting option for detecting buffer overflow attacks and related programming errors and preventing them from doing any damage. The idea is to allocate each dynamically allocated object (including arrays) in a separate page (or block of consecutive pages, for large objects) of the address space. In addition, no objects are allocated in consecutive pages of the address space, so that there is always at least one page between objects, where no access is permitted to that page.

   a) Estimate the size of typical objects you have used for dynamic data structures in programs you have written. If a page is 4K bytes, what is the overhead this scheme imposes. Estimate overhead two ways, as a fraction of available RAM, and as a fraction of the address space. (0.5 points)

   b) Note that the buffer overflow demonstrated in Friday's class was an attack on a buffer that was part of the activation record of a subroutine. As described above, this scheme may not protect against buffer overflows in local or global variables. Whether it does or does not protect against such attacks depends on the interpretation of one phrase. Identify that phrase and explain why the likely interpretation does not include global variables and might not include local variables. (0.5 points)

2. Background: Another defense against buffer overflow attacks involves having the loader pick a random virtual address for the start of the program each time it loads the program in memory.

   a) What does this prevent? (0.5 points)

   b) What complexity does it introduce that is avoided when a program is always run from the same virtual address each time it is loaded? (0.5 points)

3. Background: Consider a process on a Unix system. Each process in this system has a code segment that always starts at virtual address zero, a stack segment that grows down from the highest virtual address, a and a static segment. Executable object files can be executed by directly copying them into code segment.

   a) Explain what part of the function of execve() on this system could be implemented using the semantics of unmap() and mmap(). (0.5 points)

   b) Explain what part of the function of execve() on this system would require memory to memory copying and cannot be done by mmap(). (0.5 points)

   c) With this approach to implementation, where does the static segment go relative to the program segment and the stack segment? (0.5 points)

   d) How does this use of mmap() come in conflict with one or more of the defenses against buffer overflow attacks we have discussed? (0.5 points)

4. Empirically determine, for example, by writing some small C programs, using a debugger, or by other means, the organization of the address space of a user program on the Linux system of your choice. What system did you use, and on that system,
   • where is the stack,
   • where is the code segment,
   • where is the static segment,
   • where is the heap?
   For each of the above, document how you arrived at your answer. (1 point)