For each lecture, we'll post slides, an outline of the content, a recording, and supplemental reading. Slides will be up before lecture (but not necessarily at 9:00am); we post slides with all animations (good for following along exactly) and with limited animations (good for studying/taking notes on). The outline and recording will be posted after lecture (but not necessarily at 3:00pm; likely the next day or so). You can do the supplemental reading before or after lecture; whatever works best for you.

• Slides: all animations, limited animations
• Outline
• Recording; Close-up recording of stack-smashing demos
• Supplemental Reading: No supplemental reading for this lecture, but here are some entirely optional papers, for those who are interested in learning about this topic in more depth.
  • Smashing the Stack for Fun and Profit by Aleph One
  • Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns by Pincus and Baker
  • Reflections on Trusting Trust by Ken Thompson

After this lecture, at a minimum, you should be able to do the following:

• Given a piece of simple C code (such as the examples in lecture), explain the steps necessary to execute a basic stack-smashing attack by exploiting gets. For example: How many bytes would need to be inputted to overflow the buffer? What variable would you try to overwrite? What content would you aim to write into that variable (e.g., the address of what function)?
  • You do not need to be able to use gdb, or write code in C.
• Explain the assumptions that the basic stack-smashing attacks in lecture relied on (e.g., that we could reliably predict the address of a function).
• Explain how a user could detect Thompson's hack in the first version of our hacked compiler (the one that only inserts a backdoor into UNIX).
• Explain why this same method does not allow a user to detect the hack with the "hacked v2.0 C compiler".

Practice problems

• 2019, Problem 13 (Solutions) -- this is actually a question about Meltdown, but it references stack-smashing too.