CSE 227: Lecture 6

The topics covered in this lecture are buffer overflow attacks, IFS, and setuid script attacks. I will not provide on-line details for these, but feel free to come talk to me any time I'm in my office MWF.

The class project: security code reviews. Divide yourselves into groups of 3, and select some open source package of at least 2KLOC. Email me your group membership and identify the software that you'll be reviewing. Your job is to identify bugs -- especially security bugs -- in the code. This is due Feb 13.

After we do this we'll swap software packages, and after a brief respite your group will do a security review of software that another group had examined. This second review will be due on Mar 8.

The group(s) that finds the most security critical bugs -- I decide how important they are, so not just raw number of bugs -- get (very small) prizes.

[ search CSE | CSE | bsy's home page | links | webster | MRQE | google | yahoo | citeseer | certserver ]
picture of bsy

bsy+cse227w02@cs.ucsd.edu, last updated Mon Apr 8 20:19:51 PDT 2002. Copyright 2002 Bennet Yee.
email bsy.

Don't make me hand over my privacy keys!