Department of Electrical Engineering and Computer Science
Syracuse University

Format-String Vulnerability Lab

Lab Overview

The learningrning objective of this lab is for students to gain the first-hand experience on format-string vulnerability by putting what they have learned about the vulnerability from class into actions. The format-string vulnerability is caused by code like printf(user_input), where the contents of variable of user_input is provided by users. When this program is running with privileges (e.g., Set-UID program), this printf statement becomes dangerous, because it can lead to one of the following consequences: (1) crash the program, (2) read from an arbitrary memory place, and (3) modify the values of in an arbitrary memory place. The last consequence is very dangerous because it can allow users to modify internal variables of a privileged program, and thus change the behavior of the program.

In this lab, students will be given a program with a format-string vulnerability; their task is to develop a scheme to exploit the vulnerability. In addition to the attacks, students will be guided to walk through a protection scheme that can be used to defeat this type of attacks. Students need to evaluate whether the scheme work or not and explain why.

It should be noted that the outcome of this lab is operating system dependent. Our description and discussion are based on Ubuntu Linux. It should also work in the most recent version of Ubuntu. However, if you use different operating systems, different problems and issues might come up.

Lab Description and Tasks (PDF)

    For instructors: if you prefer to modify the lab description to suit your own courses, you can download the source files (Latex) from here.

Recommended Time:

  • Supervised lab environment: 2 hours
  • Unsupervised environment (e.g. take-home project): 1 week

Lecture Video: (watch)

Files that are Needed

Helpful Documents

Student Feedbacks

To help us understand how effectively this lab has enhanced students' learning in computer security, we asked students to fill out an anonymous survey right after they finish the lab. We started to conduct the survey since 2007. The survey results depicted in the following are aggregate results over several years.