Department of Electrical Engineering and Computer Science
Syracuse University

Race-Condition Vulnerability Lab

Overview

The learning objective of this lab is for students to gain the first-hand experience on the race-condition vulnerability by putting what they have learned about the vulnerability from class into actions. A race condition occurs when multiple processes access and manipulate the same data concurrently, and the outcome of the execution depends on the particular order in which the access takes place. If a privileged program has a race-condition vulnerability, attackers can run a parallel process to ``race'' against the privileged program, with an intention to change the behaviors of the program.

In this lab, students will be given a program with a race-condition vulnerability; their task is to develop a scheme to exploit the vulnerability and gain the root privilege. In addition to the attacks, students will be guided to walk through several protection schemes that can be used to counter the race-condition attacks. Students need to evaluate whether the schemes work or not and explain why.

Lab Description and Tasks (PDF)

    For instructors: if you prefer to modify the lab description to suit your own courses, you can download the source files (Latex) from here.

    VM Version: This lab description was originally developed for Ubuntu 9.11, but we have revised it for Ubuntu 11.04. You can still use our Ubuntu 9.11 VM image (accept some minor inconsistency), but it is better that you use our newer VM image (Ubuntu 11.04).

Recommended Time:

  • Supervised lab environment: 2 hours
  • Unsupervised environment (e.g. take-home project): 1 week

Lecture Video: (watch)

Files that are Needed

  • vulp.c (the vulnerable program)
  • check.sh (check whether the shadow file has been changed. You need to modify this file for checking the passwd file)

Student Feedbacks

To help us understand how effectively this lab has enhanced students' learning in computer security, we asked students to fill out an anonymous survey right after they finish the lab. We started to conduct the survey since 2007. The survey results depicted in the following are aggregate results over several years.