2019-09-18

Lab: Software without Security Holes

1 Overview

  1. Objectives: Introduce you to tools based on source code analysis, and get you to think some more about secure programming.

1.1 Prerequisites

  1. Install Splint (sudo apt install splint). See https://splint.org/
  2. Install Valgrind (sudo apt install valgrind). Visit http://valgrind.org/
  3. Install UNO from https://github.com/nimble-code/Uno. Visit http://spinroot.com/uno/. You ought to read this PDF also.
  4. Install RATS following the link.
  5. Download the source code of the latest stable release of sudo from http://www.sudo.ws/sudo/.

2 Tasks

Not all tasks are equal in difficulty. Devote your time wisely on what interests you most.

2.1 Task: Effective Use of Splint [20 points]

  1. Answer the following questions. Some of them are answered in the Splint manual.
  2. Write the two loop invariant assertions for a sorting program in C, based on bubble sort. [Link to Java program from an excellent book.]
  3. The C/C++ data type char can be used as an int. (i) Is it signed or unsigned? (ii) Are the types of p and q declared as in char *p and char q[] the same? (iii) Of the two signatures of typical main method of C programs shown here, which is to be preferred and why?
    1. int main (unsigned int argc, char **argv, char ** envp)
    2. int main (unsigned int argc, char *argv[], char ** envp)
  4. Explain the meaning (in your own words, not by a cut-n-paste) of the Splint annotations shown in the following line of C code:

    typedef /*@abstract@*/ /*@immutable@*/ int weekDay;

2.2 Task: Analyze sudo [20 points]

  1. Build sudo from its source code. Read the included man page, not man sudo. Check that the newly built sudo "works." Submit details of how you checked.
  2. Run splint, with no flags (except for include-related), collectively on all the source code files of sudo. Insert all its messages into the lab report as an appendix.
  3. Select three interesting messages regarding source code errors generated by splint, and explain the messages and the causes for their generation.

2.3 Task: RATS, Valgrind, and UNO [3 * 10 points]

  1. Use each of the tools named RATS, valgrind, and UNO on the source code files and/or the sudo program built from the above.
  2. Select and discuss five discoveries made by each of the tools. Total 15 items.
  3. Write a comparative review of the tools.

2.4 Task: Code Style [20 points]

  1. Holzmann's paper (see the References of ../SecSoftware) presents "Ten Rules for Writing Safety Critical Code". One line versions of these are shown below.
    1. Restrict to simple control flow constructs.
    2. Give all loops a fixed upper-bound.
    3. Do not use dynamic memory allocation after initialization.
    4. Limit functions to no more than 60 lines of text.
    5. Use minimally two assertions per function on average.
    6. Declare data objects at the smallest possible level of scope.
    7. Check the return value of non-void functions, and check the validity of function parameters.
    8. Limit the use of the preprocessor to file inclusion and simple macros.
    9. Limit the use of pointers. Use no more than two levels of dereferencing per expression.
    10. Compile with all warnings enabled, and use one or more source code analyzers.
  2. List all violations of these rules that sudo makes.
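An added example, not code from this lab page or from sudo, that puts item 2 of Task 2.1 and the rules of Task 2.4 into working C: a bubble sort whose two loop invariants are written as assert() calls, with a fixed loop bound (rule 2), validated parameters and a checked return value (rule 7), and two assertions per function on average (rule 5). MAX_LEN and the sample array are constructed values for this example.

```c
#include <assert.h>
#include <stdio.h>

/* Fixed upper bound on input size (Holzmann rule 2). Constructed value. */
#define MAX_LEN 64

/* 1 if a[lo..hi) is non-decreasing, else 0. */
static int is_sorted(const int *a, size_t lo, size_t hi)
{
    assert(lo <= hi);
    for (size_t i = lo + 1; i < hi; i++)
        if (a[i - 1] > a[i]) return 0;
    return 1;
}

/* Largest value in the non-empty range a[lo..hi). */
static int max_of(const int *a, size_t lo, size_t hi)
{
    assert(lo < hi);
    int m = a[lo];
    for (size_t i = lo + 1; i < hi; i++)
        if (a[i] > m) m = a[i];
    return m;
}

/* Bubble sort with its two loop invariants written as assertions. Returns 0
 * on success, -1 on invalid parameters (rule 7); callers must check it. */
int bubble_sort(int *a, size_t n)
{
    if (a == NULL || n > MAX_LEN) return -1;
    for (size_t pass = 0; pass < n; pass++) {
        /* Outer invariant: the last `pass` elements are sorted and >= the rest. */
        assert(is_sorted(a, n - pass, n));
        assert(pass == 0 || max_of(a, 0, n - pass) <= a[n - pass]);
        for (size_t i = 0; i + 1 < n - pass; i++) {
            /* Inner invariant: a[i] is the largest of a[0..i]. */
            assert(i == 0 || max_of(a, 0, i) <= a[i]);
            if (a[i] > a[i + 1]) { int t = a[i]; a[i] = a[i + 1]; a[i + 1] = t; }
        }
    }
    assert(is_sorted(a, 0, n)); /* postcondition */
    return 0;
}
int main(void)
{
    int v[] = {5, 1, 4, 2, 8, 0, 2}; /* constructed sample input */
    if (bubble_sort(v, sizeof v / sizeof v[0]) != 0) return 1;
    for (size_t i = 0; i < sizeof v / sizeof v[0]; i++) printf("%d ", v[i]);
    return printf("\n") < 0;
}
```

Build with -DNDEBUG to see the assertions vanish; without it, every invariant is checked on every iteration, which is what Splint-style annotation tools and Holzmann's rule 5 are after.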

3 Tasks: [Bonus][Optional]

3.1 Task: sudo Keeps Growing! [20 points]

  1. For your awareness, the tar ball sizes of a few sudo versions are shown below.
    1. -rw-r--r-- 1 pmateti pmateti 0349785 2003 sudo-1.6.7p5.tar.gz
    2. -rw-r--r-- 1 pmateti pmateti 1608969 2012 sudo-1.8.4p4.tar.g
    3. -rw-rw-r-- 1 pmateti pmateti 2117145 2013 sudo-1.8.8.tar.gz
    4. -rw-rw-r-- 1 pmateti pmateti 2976081 2017 sudo-1.8.21p2.tar.gz
    5. -rw-rw-r-- 1 pmateti pmateti 3189951 2018 sudo-1.8.25p1.tar.gz
    6. -rw-rw-r-- 1 pmateti pmateti 3293178 2019 sudo-1.8.27.tar.gz
  2. Summarize what has improved. Explain the increase in size.

3.2 Task: Improve the man Pages of sudo [20 points]

  1. Study the different versions of the man pages of sudo that are in these tar balls. Focus on the "seven sins of the specifier", namely, 1. Noise, 2. Silence, 3. Overspecification, 4. Contradiction, 5. Ambiguity, 6. Forward Reference, 7. Wishful Thinking (from Bertrand Meyer 1985). Do you find that the man pages became better or worse over the years? Write up your findings.

4 Submission

  1. [10 points] You must follow the Lab Report Template. There should be a section on each of the tasks. Include a couple of lines of an answer to each (implied or explicit) question or discussion item.
  2. Use good judgement and do not make the report way longer than, say, 20 pages. Submit explanations and code that verifies your answers.
  3. Submit a PDF file named exactly Report-L3.pdf. (Scripts are used to check various things – so file names should obey such "rules".)

5 References

  1. Prabhaker Mateti, Software Development without Security Holes, 2019. Required Reading.

6 End


Copyright © 2019 www.wright.edu/~pmateti • 2019-09-18