Exercise 1 : Race condition at the OS level


Run the experiment described in the lecture slides (slides 13 to 20).
On the Ensimag machines the kernel's countermeasure on symbolic links cannot be disabled (the fs.protected_symlinks sysctl, which refuses to follow a symlink placed in a world-writable sticky directory such as /tmp unless the link's owner is the follower or the directory owner), so we cannot target the /etc/passwd file ...


Alternatively you can:

  1.  Run both the vulnerable program and the attack program from the same shell, as explained on the slides, targeting a regular file from your own ...
  2.  A bit more interesting, run both programs from two different shells (owned by the same user), still targeting a regular file from your own ...
  3.  Much (?) more interesting, try to run the attack using two shells owned by different users (using the "su" command to open these two shells on the same machine).
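The experiment above as a worked example. This is added code, not the course's vulnerable or attack program: it assumes the lecture's vulnerable program follows the classic access()-then-open() pattern and that the attacker repoints a symbolic link between the two calls. The file names, the temporary directory, the `hook` parameter (which replays the race deterministically) and the -2/-1 return convention are my own choices. It runs as an ordinary user: the "protected" file is a read-only file of your own, so a window hit shows up as open() failing with EACCES where a setuid-root program would have succeeded.

```cpp
// Added example, not the course's program: the check-then-use race between
// access(2) and open(2), assumed here to be the lecture's vulnerable pattern.
// Runs unprivileged: the "protected" file is a read-only file of our own in a
// private temp directory (fs.protected_symlinks only guards sticky
// world-writable directories such as /tmp itself, so it does not interfere).
#include <cerrno>
#include <csignal>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

// Attacker: repoint the symlink (both names are under attacker control).
struct Swap { const char* link; const char* target; };
void attacker_swap(void* arg) {
    Swap* s = static_cast<Swap*>(arg);
    unlink(s->link);
    symlink(s->target, s->link);
}

// Vulnerable: access() resolves the path once (real uid), open() resolves it
// again (effective uid); the optional hook stands in for the attacker being
// scheduled in between. Returns -2 if the check refused, -1 if open() failed.
int vuln_open(const char* path, void (*hook)(void*), void* arg) {
    if (access(path, W_OK) != 0) return -2;
    if (hook) hook(arg);
    return open(path, O_WRONLY);
}

// Hardened: no separate check. O_NOFOLLOW refuses a final-component symlink
// (ELOOP) and ownership is verified on the descriptor we actually hold, which
// nobody can repoint. (A setuid program would rather drop privileges first.)
int safe_open(const char* path) {
    int fd = open(path, O_WRONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || st.st_uid != getuid()) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

// Scratch files: mine (writable, passes the check), victim (0400, the check
// refuses it), link -> mine.
struct Scratch { std::string mine, victim, link; };
bool make_scratch(Scratch& s) {
    char tmpl[] = "/tmp/toctouXXXXXX";
    if (!mkdtemp(tmpl)) return false;
    std::string dir = tmpl;
    s.mine = dir + "/mine"; s.victim = dir + "/victim"; s.link = dir + "/link";
    int a = open(s.mine.c_str(), O_CREAT | O_WRONLY, 0600);
    int b = open(s.victim.c_str(), O_CREAT | O_WRONLY, 0400);
    if (a < 0 || b < 0) return false;
    close(a); close(b);
    return symlink(s.mine.c_str(), s.link.c_str()) == 0;
}

// "Check passed on mine, open() landed on victim": unprivileged, the open is
// refused with EACCES (setuid-root would have succeeded); as root it succeeds
// and the descriptor is victim's own inode.
bool attacker_won(int fd, const Scratch& s) {
    if (fd == -1) return errno == EACCES;
    struct stat a, b;
    return fd >= 0 && fstat(fd, &a) == 0 && stat(s.victim.c_str(), &b) == 0
        && a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

// Deterministic replay: the attacker swaps inside the window every time.
bool demo_vulnerable() {
    Scratch s;
    if (!make_scratch(s)) return false;
    Swap sw = { s.link.c_str(), s.victim.c_str() };
    int fd = vuln_open(s.link.c_str(), attacker_swap, &sw);
    bool won = attacker_won(fd, s);
    if (fd >= 0) close(fd);
    return won;
}

// The hardened open refuses the symlink before any window exists.
bool demo_hardened() {
    Scratch s;
    if (!make_scratch(s)) return false;
    return safe_open(s.link.c_str()) < 0 && errno == ELOOP;
}

// The real experiment: a child flips the link as fast as it can while the
// parent runs the unhooked check-then-open and counts the windows it hit.
int main() {
    Scratch s;
    if (!make_scratch(s)) return 1;
    Swap to_victim = { s.link.c_str(), s.victim.c_str() };
    Swap to_mine = { s.link.c_str(), s.mine.c_str() };
    pid_t pid = fork();
    if (pid == 0) for (;;) { attacker_swap(&to_victim); attacker_swap(&to_mine); }
    int wins = 0, tries = 100000;
    for (int i = 0; i < tries; i++) {
        int fd = vuln_open(s.link.c_str(), nullptr, nullptr);
        if (attacker_won(fd, s)) wins++;
        if (fd >= 0) close(fd);
    }
    kill(pid, SIGKILL); waitpid(pid, nullptr, 0);
    printf("attacker won %d of %d races\n", wins, tries);
    return 0;
}
```

Compile with `g++ -std=c++17 -O0 toctou.cpp -o toctou` and run it: the printed count is the number of iterations in which the check saw `mine` and the open saw `victim`, which is exactly the window a setuid program would have lost. To reproduce items 2 and 3 above, move the child's loop into a separate program started from the second shell (or by the second user) against the same `link` path; the vulnerable side does not change. Note that `safe_open()` only protects the final path component: a symlink in a parent directory still needs `openat()` with a trusted directory descriptor, or dropping privileges before the open.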

 

Exercise 2 : Race condition inside an application
  1. Read, compile and execute this small C++ program containing a race condition.
  2. Check that this race condition is detected by ThreadSanitizer (compile with the -fsanitize=thread option; adding -g gives source lines in the report).
  3. Using the same coding patterns, reproduce the example given on lecture slide 4, using a global variable to simulate the database; run it without ThreadSanitizer to observe the vulnerability (i.e., withdrawing more cash than authorized!).
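Step 3 as a worked example. This is added code, not the course's program or the slide's own listing: it assumes the slide's example is a check-then-debit withdrawal on a shared balance, and the account values, the `Outcome` struct and the optional `gate` (which parks every thread between the check and the debit so the overdraft happens on every run instead of waiting for the scheduler) are my own.

```cpp
// Added example, not the course's program: the slide's withdrawal race with a
// global variable standing in for the database (names and amounts are my own).
// withdraw_racy() keeps the check-then-debit shape; the optional gate parks all
// threads between check and debit so the bad interleaving fires on every run,
// which is what you would otherwise wait for the scheduler to do by chance.
#include <atomic>
#include <cstdio>
#include <mutex>
#include <thread>
#include <vector>

int balance = 0;            // the "database": one account
std::mutex balance_mutex;

struct Outcome { int balance; int withdrawals; };

// Vulnerable: check and debit are two separate steps with no lock, so two
// threads can both see balance >= amount before either subtracts. TSan
// reports the unsynchronised accesses to `balance` whether or not the race
// actually fires on a given run.
bool withdraw_racy(int amount, std::atomic<int>* gate, int parties) {
    if (balance < amount) return false;                        // check
    if (gate) {                                                 // simulated
        gate->fetch_add(1);                                     // scheduler:
        while (gate->load() < parties) std::this_thread::yield(); // all checked
    }
    balance -= amount;                                          // debit
    return true;
}

// Fixed: check and debit form one critical section.
bool withdraw_safe(int amount) {
    std::lock_guard<std::mutex> lock(balance_mutex);
    if (balance < amount) return false;
    balance -= amount;
    return true;
}

// `parties` threads each try to withdraw `amount` from an account holding
// `start`; `force` enables the gate in the racy variant.
Outcome run(int start, int parties, int amount, bool safe, bool force) {
    balance = start;
    std::atomic<int> gate(0), withdrawals(0);
    std::vector<std::thread> threads;
    for (int i = 0; i < parties; i++)
        threads.emplace_back([&] {
            bool ok = safe ? withdraw_safe(amount)
                           : withdraw_racy(amount, force ? &gate : nullptr, parties);
            if (ok) withdrawals.fetch_add(1);
        });
    for (auto& t : threads) t.join();
    return Outcome{ balance, withdrawals.load() };
}

int main() {
    Outcome r = run(100, 2, 100, false, true);
    std::printf("racy : %d withdrawals of 100 from 100, balance %d\n",
                r.withdrawals, r.balance);
    r = run(100, 2, 100, true, false);
    std::printf("fixed: %d withdrawals of 100 from 100, balance %d\n",
                r.withdrawals, r.balance);
    return 0;
}
```

Build it twice: `g++ -std=c++17 -pthread bank.cpp -o bank` shows the overdraft (two withdrawals of 100 from an account holding 100, balance -100), and `g++ -std=c++17 -pthread -g -fsanitize=thread bank.cpp -o bank_tsan` makes ThreadSanitizer report the conflicting accesses to `balance`. With `force` set to false the window is the few nanoseconds between the comparison and the subtraction, which is far shorter than starting the second thread, so the first thread usually finishes before the second starts and the overdraft rarely shows up; TSan still flags the race, because it reasons about missing synchronisation rather than about what happened on this run.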

Last modified: Thursday, 7 November 2024, 7:44 AM