Lab 2: Set-UID and Environment Variables

Due Sunday September 25th

Overview

In this lab, students will understand how environment variables work, how they are propagated from parent process to child, and how they affect system/program behaviors. Environment variables are a set of dynamic named values that can affect the way running processes will behave on a computer. They are used by most operating systems since they were introduced into Unix in 1979. Although environment variables affect program behaviors, how they achieve that is not well understood by many programmers. As a result, if a program uses environment variables, but the programmer does not know that they are used, the program may have vulnerabilities. We are particularly interested in how environment variables affect the behavior of Set-UID programs, which are usually privileged programs. This lab covers the following topics:

Setup

You will need to download a zip file and put them on your VM. The zip contains some C programs that you will experiment with during the lab.

Instructions

Lab 2 instructions: https://www.cs.montana.edu/pearsall/classes/fall2022/476/labs/Lab2-SetUID.pdf

Follow the instructions above and complete the tasks in your SEED Labs VM. Your solutions/output/observations will all be put into a lab report. See the next sections for the lab report.

Lab report expectations

The lab report is to help me see that you did the lab and followed the instructions. For each task, you should include a screenshot to show you completed the task. If the task asks you to write down observations, you should also include those in your lab report. For the tasks that requires you to do some thinking and find ways to exploit a program, you should write a brief description about your approach and the steps you took to get your output.

This is a lab report taken from a previous offering of this course. This is a good example of how you should format your lab report: https://www.cs.montana.edu/pearsall/classes/fall2022/476/labs/SampleLabReportFormat.pdf