Computer Security Question

Consider the following piece of C code:
int main(int argc, char *argv[])
char continue = 0;
char password[8];
strcpy(password, argv[1 ]);
if (strcmp(password, ”CS1 66”)==0)
continue = 1 ;
if (continue)

in the above code, *login() is a pointer to the function login() ( in c, one can declare pointers to functions which means that the call to the function is actually a memory address that indicates where the executable code of the function lies). (1) Is this code vulnerable to a buffer-overflow attack with reference to the variables password[] and continue? if yes, describe how an attacker can achieve this and give an ideal ordering of the memory cells (assume that the memory address increase from left to right) that correspond the variables password[] and continue of the code so that this attack can be avoided. (2)To fix the problem, a security expert suggests to remove the variable continue and simply use the comparison for login. Does this fix the vulnerability? What kind of new buffer overflow attack can be achieved in a multiuser system where the login() function is shared by a lot of users(both malicious and nonmalicious ) and many users can try to log in at the same time? Assume for this question only (regardless of real systems’ behavior) that the pointer is on the stack rather that in the data segment, or a shared memory segment. (3) What is the existing vulnerability when login() is not a pointer to the function code but terminates with a return() command? Note that the function strcpy does not check an array’s length.

Order your essay today and save 25% with the discount code: COCONUT

Don't use plagiarized sources. Get Your Custom Essay on
Computer Security Question
Just from $13/Page
Order Essay

Order a unique copy of this paper

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
Top Academic Writers Ready to Help
with Your Research Proposal
error: Content is protected !!
Live Chat+1(978) 822-0999EmailWhatsApp

Order your essay today and save 25% with the discount code COCONUT