Homework Help is Here – Start Your Trial Now!
Engineering
Computer Engineering
On a 32-bit processor, a baggy bounds scheme is expected to set all of the bounds table entries to 31 at initialization time. Assume that a buggy implementation with a slot size of 32 bytes performs bounds table initialization inappropriately, resulting in random entries being incorrectly set to 1. Assume that a networked server processes network messages using an uninstrumented library. Assume that this library does not include some buffer overflow bugs (i.e., it never calls unsafe functions such as gets()). However, the server suffers from the above-mentioned bounds table initialization issue, and an attacker may submit messages to the server that force the library to dynamically assign and write memory in an attacker-controlled amount using uninstrumented code that looks like this: / N is the size of the buffer that the intruder gets to choose. for (int I = 0; I N/4; i++, p += 4) char *p = malloc(N); *p = 'a'; *(p+1) = 'b'; *(p+2) = 'c'; *(p+3) = 'd'; Assume the server is using a buddy memory allocator with a maximum allocation size of 2 16 (larger allocations would fail). What is the smallest N that an intruder can choose that will unquestionably cause the server to crash? Why is that N going to trigger a crash?

On a 32-bit processor, a baggy bounds scheme is expected to set all of the bounds table entries to 31 at initialization time. Assume that a buggy implementation with a slot size of 32 bytes performs bounds table initialization inappropriately, resulting in random entries being incorrectly set to 1. Assume that a networked server processes network messages using an uninstrumented library. Assume that this library does not include some buffer overflow bugs (i.e., it never calls unsafe functions such as gets()). However, the server suffers from the above-mentioned bounds table initialization issue, and an attacker may submit messages to the server that force the library to dynamically assign and write memory in an attacker-controlled amount using uninstrumented code that looks like this: / N is the size of the buffer that the intruder gets to choose. for (int I = 0; I N/4; i++, p += 4) char *p = malloc(N); *p = 'a'; *(p+1) = 'b'; *(p+2) = 'c'; *(p+3) = 'd'; Assume the server is using a buddy memory allocator with a maximum allocation size of 2 16 (larger allocations would fail). What is the smallest N that an intruder can choose that will unquestionably cause the server to crash? Why is that N going to trigger a crash?

Computer Networking: A Top-Down Approach (7th Edition)
Computer Networking: A Top-Down Approach (7th Edition)
7th Edition
ISBN:9780133594140
Author:James Kurose, Keith Ross
Publisher:James Kurose, Keith Ross
Chapter1: Computer Networks And The Internet
Section: Chapter Questions
Problem R1RQ: What is the difference between a host and an end system? List several different types of end...
See similar textbooks
icon
Related questions
Question

On a 32-bit processor, a baggy bounds scheme is expected to set all of the bounds table entries to 31 at initialization time. Assume that a buggy implementation with a slot size of 32 bytes performs bounds table initialization inappropriately, resulting in random entries being incorrectly set to 1.


Assume that a networked server processes network messages using an uninstrumented library. Assume that this library does not include some buffer overflow bugs (i.e., it never calls unsafe functions such as gets()).


However, the server suffers from the above-mentioned bounds table initialization issue, and an attacker may submit messages to the server that force the library to dynamically assign and write memory in an attacker-controlled amount using uninstrumented code that looks like this:


/ N is the size of the buffer that the intruder gets to choose.
for (int I = 0; I N/4; i++, p += 4)

char *p = malloc(N);

*p = 'a';

*(p+1) = 'b';

*(p+2) = 'c';

*(p+3) = 'd';


Assume the server is using a buddy memory allocator with a maximum allocation size of 2 16 (larger allocations would fail).

What is the smallest N that an intruder can choose that will unquestionably cause the server to crash? Why is that N going to trigger a crash?

Expert Solution
trending now

Trending now

This is a popular solution!

steps

Step by step

Solved in 2 steps

SEE SOLUTIONCheck out a sample Q&A here
Blurred answer
Recommended textbooks for you
Computer Networking: A Top-Down Approach (7th Edi…
Computer Networking: A Top-Down Approach (7th Edi…
Computer Engineering
ISBN:
9780133594140
Author:
James Kurose, Keith Ross
Publisher:
PEARSON
Computer Organization and Design MIPS Edition, Fi…
Computer Organization and Design MIPS Edition, Fi…
Computer Engineering
ISBN:
9780124077263
Author:
David A. Patterson, John L. Hennessy
Publisher:
Elsevier Science
Network+ Guide to Networks (MindTap Course List)
Network+ Guide to Networks (MindTap Course List)
Computer Engineering
ISBN:
9781337569330
Author:
Jill West, Tamara Dean, Jean Andrews
Publisher:
Cengage Learning
Concepts of Database Management
Concepts of Database Management
Computer Engineering
ISBN:
9781337093422
Author:
Joy L. Starks, Philip J. Pratt, Mary Z. Last
Publisher:
Cengage Learning
Prelude to Programming
Prelude to Programming
Computer Engineering
ISBN:
9780133750423
Author:
VENIT, Stewart
Publisher:
Pearson Education
Sc Business Data Communications and Networking, T…
Sc Business Data Communications and Networking, T…
Computer Engineering
ISBN:
9781119368830
Author:
FITZGERALD
Publisher:
WILEY
SEE MORE TEXTBOOKS