From b4cfb382e6d9531d0af279c8e099fe13b4c424fe Mon Sep 17 00:00:00 2001 From: Stefan Jumarea Date: Thu, 2 Oct 2025 15:22:52 +0300 Subject: [PATCH 1/6] lab-setup: Add instructions for the lab archives Add general instructions about the lab archives in the general setup page. Signed-off-by: Stefan Jumarea --- misc/lab-setup.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/misc/lab-setup.md b/misc/lab-setup.md index 19f15e089d..de185c0b64 100644 --- a/misc/lab-setup.md +++ b/misc/lab-setup.md @@ -4,6 +4,12 @@ You can work on any Linux setup (native install, `WSL`, `VM`), but we strongly recommend you use the [`operating-systems` class VMs](https://cs-pub-ro.github.io/operating-systems/resources#virtual-machine). +## Laboratory archives + +All the laboratories have archives with the work items. +**We recommend working with the provided archives instead of using the repository.** +If, however, you want to use the repository directly, you can find instructions below. + ## Cloning the repository If you haven't already cloned the repository, do so and you are ready to go: From 422cdc442e0c22b99d315287b56cdc1c5a550a9c Mon Sep 17 00:00:00 2001 From: Stefan Jumarea Date: Thu, 2 Oct 2025 14:44:16 +0300 Subject: [PATCH 2/6] lab1: Add link to the lab 1 archive Add links to the lab archive and change directory references. Signed-off-by: Stefan Jumarea --- chapters/software-stack/overview/reading/lab1.md | 1 + .../system-calls/drills/tasks/basic-syscall/README.md | 4 ++-- .../system-calls/drills/tasks/libcall-syscall/README.md | 2 +- .../system-calls/drills/tasks/syscall-wrapper/README.md | 2 +- config.yaml | 1 + 5 files changed, 6 insertions(+), 4 deletions(-) create mode 100644 chapters/software-stack/overview/reading/lab1.md diff --git a/chapters/software-stack/overview/reading/lab1.md b/chapters/software-stack/overview/reading/lab1.md new file mode 100644 index 0000000000..66f7f544f2 --- /dev/null +++ b/chapters/software-stack/overview/reading/lab1.md 
@@ -0,0 +1 @@ +The contents of the lab are located in the [lab archive](https://github.com/cs-pub-ro/operating-systems/raw/refs/heads/lab-archives/Lab_1_Operating_System_Perspective.zip) and in the [GitHub repository](https://github.com/cs-pub-ro/operating-systems). diff --git a/chapters/software-stack/system-calls/drills/tasks/basic-syscall/README.md b/chapters/software-stack/system-calls/drills/tasks/basic-syscall/README.md index c2accd9eb9..7d41c59983 100644 --- a/chapters/software-stack/system-calls/drills/tasks/basic-syscall/README.md +++ b/chapters/software-stack/system-calls/drills/tasks/basic-syscall/README.md @@ -1,7 +1,7 @@ # System Calls -Enter the `chapters/software-stack/system-calls/drills/tasks/basic-syscall/` folder. -Run `make` and then enter `chapters/software-stack/system-calls/drills/tasks/basic-syscall/support/` folder and go through the practice items below. +Enter the `basic-syscall/` directory of the extracted archive (or `chapters/software-stack/system-calls/drills/tasks/basic-syscall/` if you are working directly in the repository). +Run `make` and then enter `support/` folder and go through the practice items below. For debugging, use `strace` to trace the system calls from your program and make sure the arguments are set right. diff --git a/chapters/software-stack/system-calls/drills/tasks/libcall-syscall/README.md b/chapters/software-stack/system-calls/drills/tasks/libcall-syscall/README.md index d9577f05dc..92467b7b60 100644 --- a/chapters/software-stack/system-calls/drills/tasks/libcall-syscall/README.md +++ b/chapters/software-stack/system-calls/drills/tasks/libcall-syscall/README.md 
@@ -1,6 +1,6 @@ # Library Calls vs System Calls -Enter the `chapters/software-stack/system-calls/drills/tasks/libcall-syscall/support/` folder and go through the practice items below. +Enter the `libcall-syscall/support/` directory from the extracted archive (or `chapters/software-stack/system-calls/drills/tasks/libcall-syscall/support/` if you are working directly in the repository) and go through the practice items below. 1. Check library calls and system calls for the `call2.c` file. Use `ltrace` and `strace`. diff --git a/chapters/software-stack/system-calls/drills/tasks/syscall-wrapper/README.md b/chapters/software-stack/system-calls/drills/tasks/syscall-wrapper/README.md index 8a6632b256..6f471a8d80 100644 --- a/chapters/software-stack/system-calls/drills/tasks/syscall-wrapper/README.md +++ b/chapters/software-stack/system-calls/drills/tasks/syscall-wrapper/README.md @@ -1,6 +1,6 @@ # System Call Wrappers -Enter the `chapters/software-stack/system-calls/syscall-wrapper/drills/tasks/support/` folder and go through the practice items below. +Enter the `syscall-wrapper/` directory from the extracted archive (or `chapters/software-stack/system-calls/syscall-wrapper/drills/tasks/support/` if you are working directly in the repository) and run `make`, then go through the practice items below. 1. Update the files in the `support/` folder to make `read` system call available as a wrapper. Make a call to the `read` system call to read data from standard input in a buffer. diff --git a/config.yaml b/config.yaml index 16f15d1578..3d715742b3 100644 --- a/config.yaml +++ b/config.yaml @@ -15,6 +15,7 @@ lab_structure: - title: Lab 1 - Operating System Perspective filename: lab1.md content: + - reading/lab1.md - tasks/basic-syscall.md - tasks/syscall-wrapper.md - tasks/libcall-syscall.md From db151df8c28e249f94ec6fe5f64599ced906b104 Mon Sep 17 00:00:00 2001 
From: Stefan Jumarea Date: Thu, 2 Oct 2025 15:41:08 +0300 Subject: [PATCH 3/6] lab2: Add link to the lab 2 archive Add links to the lab archive and change directory references. Signed-off-by: Stefan Jumarea --- .../applications/drills/tasks/app-investigation/README.md | 2 +- .../high-level-languages/drills/tasks/high-level-lang/README.md | 2 +- .../software-stack/libc/drills/tasks/common-functions/README.md | 2 +- chapters/software-stack/libc/drills/tasks/libc/README.md | 2 +- chapters/software-stack/overview/reading/lab2.md | 1 + config.yaml | 1 + 6 files changed, 6 insertions(+), 4 deletions(-) create mode 100644 chapters/software-stack/overview/reading/lab2.md diff --git a/chapters/software-stack/applications/drills/tasks/app-investigation/README.md b/chapters/software-stack/applications/drills/tasks/app-investigation/README.md index 2bc4722ee8..85c6b52d9a 100644 --- a/chapters/software-stack/applications/drills/tasks/app-investigation/README.md +++ b/chapters/software-stack/applications/drills/tasks/app-investigation/README.md @@ -1,6 +1,6 @@ # App Investigation -Enter the `chapters/software-stack/applications/drills/tasks/app-investigation/support/` folder and go through the practice items below. +Enter the `app-investigation` directory from the lab archive (or `chapters/software-stack/applications/drills/tasks/app-investigation/` if you are working directly in the repository), run `make skels` and go through the practice items below. Select a binary executable application and a scripted application. 1. Use `ldd` on the two applications. diff --git a/chapters/software-stack/high-level-languages/drills/tasks/high-level-lang/README.md b/chapters/software-stack/high-level-languages/drills/tasks/high-level-lang/README.md index 360c6d92b4..50c0fe632a 100644 --- a/chapters/software-stack/high-level-languages/drills/tasks/high-level-lang/README.md +++ b/chapters/software-stack/high-level-languages/drills/tasks/high-level-lang/README.md 
@@ -1,6 +1,6 @@ # High-Level Languages -Enter the `chapters/software-stack/high-level-languages/drills/tasks/high-level-lang/` folder, run `make skels`, then enter `spport/` +Enter the `high-level-lang/` directory from the lab archive (or `chapters/software-stack/high-level-languages/drills/tasks/high-level-lang/` if you are working directly in the repository), run `make skels`, then enter `spport/` Then go through the practice items below. 1. Use `make` to create the `hello` executable from the `hello.go` file (a Go "Hello, World!"-printing program). diff --git a/chapters/software-stack/libc/drills/tasks/common-functions/README.md b/chapters/software-stack/libc/drills/tasks/common-functions/README.md index b0ee0e0c8b..85f2924533 100644 --- a/chapters/software-stack/libc/drills/tasks/common-functions/README.md +++ b/chapters/software-stack/libc/drills/tasks/common-functions/README.md @@ -1,6 +1,6 @@ # Common Functions -Enter the `chapters/software-stack/libc/drills/tasks/common-functions/` folder, run `make skels`, then enter `support/`. +Enter the `common-functions/` directory in the lab archive (or `chapters/software-stack/libc/drills/tasks/common-functions/` if you are working directly in the repository), run `make skels`, then enter `support/`. Go through the practice items below. 1. Update `os_string.c` and `os_string.h` to make available the `os_strcat()` function that performs the same string concatenation as `strcat()` from `libc`. diff --git a/chapters/software-stack/libc/drills/tasks/libc/README.md b/chapters/software-stack/libc/drills/tasks/libc/README.md index 6c62cd6d77..1b53f9c6ce 100644 --- a/chapters/software-stack/libc/drills/tasks/libc/README.md +++ b/chapters/software-stack/libc/drills/tasks/libc/README.md 
@@ -1,6 +1,6 @@ # Libraries and libc -Enter the `chapters/software-stack/libc/libc/drills/tasks/` folder, run `make skels`, then enter `support/`. +Enter the `libc/support/` directory from the lab archive (or `chapters/software-stack/libc/libc/drills/tasks/support/` if you are working directly in the repository). Now go through the practice items below. 1. Use `malloc()` and `free()` functions in the `memory.c` program. diff --git a/chapters/software-stack/overview/reading/lab2.md b/chapters/software-stack/overview/reading/lab2.md new file mode 100644 index 0000000000..5d2822d155 --- /dev/null +++ b/chapters/software-stack/overview/reading/lab2.md @@ -0,0 +1 @@ +The contents of the lab are located in the [lab archive](https://github.com/cs-pub-ro/operating-systems/raw/refs/heads/lab-archives/Lab_2_Library_Perspective.zip) and in the [GitHub repository](https://github.com/cs-pub-ro/operating-systems). diff --git a/config.yaml b/config.yaml index 3d715742b3..8124640438 100644 --- a/config.yaml +++ b/config.yaml @@ -26,6 +26,7 @@ lab_structure: - title: Lab 2 - Library Perspective filename: lab2.md content: + - reading/lab2.md - tasks/common-functions.md - tasks/libc.md - tasks/high-level-lang.md From 051ae270003b5c733a7d5cb4b6884911b2883a80 Mon Sep 17 00:00:00 2001 From: Stefan Jumarea Date: Thu, 2 Oct 2025 16:14:12 +0300 Subject: [PATCH 4/6] lab3: Add link to the lab 3 archive Add links to the lab archive and change directory references. Signed-off-by: Stefan Jumarea --- chapters/data/overview/reading/lab3.md | 1 + .../working-with-memory/drills/tasks/access-counter/README.md | 2 +- .../working-with-memory/drills/tasks/memory-access/README.md | 2 +- .../drills/tasks/memory-corruption/README.md | 2 +- .../drills/tasks/memory-protection/README.md | 2 +- config.yaml | 1 + 6 files changed, 6 insertions(+), 4 deletions(-) create mode 100644 chapters/data/overview/reading/lab3.md 
diff --git a/chapters/data/overview/reading/lab3.md b/chapters/data/overview/reading/lab3.md new file mode 100644 index 0000000000..353ddd984e --- /dev/null +++ b/chapters/data/overview/reading/lab3.md @@ -0,0 +1 @@ +The contents of the lab are located in the [lab archive](https://github.com/cs-pub-ro/operating-systems/raw/refs/heads/lab-archives/Lab_3_Memory.zip) and in the [GitHub repository](https://github.com/cs-pub-ro/operating-systems). diff --git a/chapters/data/working-with-memory/drills/tasks/access-counter/README.md b/chapters/data/working-with-memory/drills/tasks/access-counter/README.md index 7c35a34b53..6cc3b8ea21 100644 --- a/chapters/data/working-with-memory/drills/tasks/access-counter/README.md +++ b/chapters/data/working-with-memory/drills/tasks/access-counter/README.md @@ -1,6 +1,6 @@ # Access Counter -Navigate to the `chapters/data/working-with-memory/drills/tasks/access-counter/support` directory. +Navigate to the `access-counter/` directory from the lab archive (or `chapters/data/working-with-memory/drills/tasks/access-counter/support` if you are working directly in the repository). Your goal is to update the `src/access_counter.c` source code file to capture memory access exceptions (i.e. the `SIGSEGV` signal) and to update page permissions in order for the access to eventually succeed. Use `mprotect` to update the protection of the pages in stages: read, write and then exec. diff --git a/chapters/data/working-with-memory/drills/tasks/memory-access/README.md b/chapters/data/working-with-memory/drills/tasks/memory-access/README.md index 950c73f690..39eae5e1e3 100644 --- a/chapters/data/working-with-memory/drills/tasks/memory-access/README.md +++ b/chapters/data/working-with-memory/drills/tasks/memory-access/README.md 
@@ -1,6 +1,6 @@ # Memory Access -Navigate to the `chapters/data/working-with-memory/drills/tasks/memory-access/` directory, run `make skels`, and enter `support/src/`. +Navigate to the `memory-access/` directory from the lab archive (or `chapters/data/working-with-memory/drills/tasks/memory-access/` if you are running directly in the repository), run `make skels`, and enter `support/src/`. Inspect the `mem_access.c` source file. 1. Describe each variable by completing its **(address, size, access rights)** tuple. diff --git a/chapters/data/working-with-memory/drills/tasks/memory-corruption/README.md b/chapters/data/working-with-memory/drills/tasks/memory-corruption/README.md index 058c323e29..a432cd0c1e 100644 --- a/chapters/data/working-with-memory/drills/tasks/memory-corruption/README.md +++ b/chapters/data/working-with-memory/drills/tasks/memory-corruption/README.md @@ -2,7 +2,7 @@ For this practice item, you will need to identify the programming mistake that makes it possible to corrupt memory. -Navigate to the `chapters/data/working-with-memory/drills/tasks/memory-corruption/` folder, run `make skels` and enter `support/src/`. +Navigate to the `memory-corruption/` directory in the lab archive (or `chapters/data/working-with-memory/drills/tasks/memory-corruption/` if you are working directly in the repository) run `make skels` and enter `support/src/`. Inspect the source file `segfault.c`. 1. What does the program do? (this could be a quiz in the final form) diff --git a/chapters/data/working-with-memory/drills/tasks/memory-protection/README.md b/chapters/data/working-with-memory/drills/tasks/memory-protection/README.md index 7819ccde54..893754495b 100644 --- a/chapters/data/working-with-memory/drills/tasks/memory-protection/README.md +++ b/chapters/data/working-with-memory/drills/tasks/memory-protection/README.md 
@@ -1,6 +1,6 @@ # Memory Protection -Let's navigate to the `chapters/data/working-with-memory/drills/tasks/memory-protection/`, run `make skels` and enter the `support/src/` directory. +Let's navigate to the `memory-protection/` directory from the lab archive (or `chapters/data/working-with-memory/drills/tasks/memory-protection/` if you are working directly in the repository), run `make skels` and enter the `support/src/` directory. Inspect the `mem_prot.c` source file. The file uses different access types for the `data` variable and the `do_nothing` function. diff --git a/config.yaml b/config.yaml index 8124640438..3db0f2fe34 100644 --- a/config.yaml +++ b/config.yaml @@ -39,6 +39,7 @@ lab_structure: - title: Lab 3 - Memory filename: lab3.md content: + - reading/lab3.md - tasks/memory-access.md - tasks/memory-corruption.md - tasks/memory-protection.md From e918d9cf9a8e6a124ca6de7b6fdc179bfa2c951c Mon Sep 17 00:00:00 2001 From: Stefan Jumarea Date: Thu, 2 Oct 2025 17:08:09 +0300 Subject: [PATCH 5/6] lab4: Add link to the lab 4 archive Add links to the lab archive and change directory references. Signed-off-by: Stefan Jumarea --- chapters/data/overview/reading/lab4.md | 1 + chapters/data/process-memory/drills/tasks/alloc-size/README.md | 2 +- chapters/data/process-memory/drills/tasks/copy/README.md | 2 +- .../data/process-memory/drills/tasks/memory-areas/README.md | 2 +- .../data/process-memory/drills/tasks/modify-areas/README.md | 2 +- chapters/data/process-memory/drills/tasks/page-mapper/README.md | 2 +- .../process-memory/drills/tasks/reference-counting/README.md | 2 +- config.yaml | 1 + 8 files changed, 8 insertions(+), 6 deletions(-) create mode 100644 chapters/data/overview/reading/lab4.md diff --git a/chapters/data/overview/reading/lab4.md b/chapters/data/overview/reading/lab4.md new file mode 100644 index 0000000000..a0505896a3 --- /dev/null +++ b/chapters/data/overview/reading/lab4.md 
@@ -0,0 +1 @@ +The contents of the lab are located in the [lab archive](https://github.com/cs-pub-ro/operating-systems/raw/refs/heads/lab-archives/Lab_4_Investigate_Memory.zip) and in the [GitHub repository](https://github.com/cs-pub-ro/operating-systems). diff --git a/chapters/data/process-memory/drills/tasks/alloc-size/README.md b/chapters/data/process-memory/drills/tasks/alloc-size/README.md index e9341d4564..61404f70e7 100644 --- a/chapters/data/process-memory/drills/tasks/alloc-size/README.md +++ b/chapters/data/process-memory/drills/tasks/alloc-size/README.md @@ -1,6 +1,6 @@ # Allocating and Deallocating Memory -Navigate to the `chapters/data/process-memory/drills/tasks/alloc-size/support` directory. +Navigate to the `alloc-size/support/` directory from the lab archive (or `chapters/data/process-memory/drills/tasks/alloc-size/support` if you are working directly in the repository). 1. Use `pmap` to analyze the process address space for `ALLOC_SIZE_KB` initialized to `256`. Notice the new memory areas and the difference between the use of `mmap` syscall and `brk` syscall. diff --git a/chapters/data/process-memory/drills/tasks/copy/README.md b/chapters/data/process-memory/drills/tasks/copy/README.md index cf0d5b41ee..a79393411e 100644 --- a/chapters/data/process-memory/drills/tasks/copy/README.md +++ b/chapters/data/process-memory/drills/tasks/copy/README.md @@ -1,6 +1,6 @@ # Memory Mapping -Navigate to the `chapters/data/process-memory/drills/tasks/copy/` directory, run `make skels` and open the `support/src` directory. +Navigate to the `copy/` directory from the lab archive (or `chapters/data/process-memory/drills/tasks/copy/` if you are working directly in the repository), run `make skels` and open the `support/src` directory. Here you will find these files: * `read_write_copy.c` in which you will implement copying with `read` / `write` syscalls 
diff --git a/chapters/data/process-memory/drills/tasks/memory-areas/README.md b/chapters/data/process-memory/drills/tasks/memory-areas/README.md index 41436721e5..648084969b 100644 --- a/chapters/data/process-memory/drills/tasks/memory-areas/README.md +++ b/chapters/data/process-memory/drills/tasks/memory-areas/README.md @@ -1,6 +1,6 @@ # Memory Regions -Enter the `chapters/data/process-memory/drills/tasks/memory-areas/support` directory. +Enter the `memory-areas/support/` directory in the lab archive (or `chapters/data/process-memory/drills/tasks/memory-areas/support` if you are working directly in the repository). We investigate other programs. 1. The `hello.c` program prints out a message and then sleeps. diff --git a/chapters/data/process-memory/drills/tasks/modify-areas/README.md b/chapters/data/process-memory/drills/tasks/modify-areas/README.md index 7b35053ec0..d495e4beec 100644 --- a/chapters/data/process-memory/drills/tasks/modify-areas/README.md +++ b/chapters/data/process-memory/drills/tasks/modify-areas/README.md @@ -1,6 +1,6 @@ # Modifying Memory Region Size -Navigate to the `chapters/data/process-memory/drills/tasks/modify-areas/support` directory. +Navigate to the `modify-areas/support/` directory in the lab archive (or `chapters/data/process-memory/drills/tasks/modify-areas/support` if you are working directly in the repository). 1. Comment out different parts of the `hello.c` program to notice differences in only specific areas (text, data, bss, heap, stack). diff --git a/chapters/data/process-memory/drills/tasks/page-mapper/README.md b/chapters/data/process-memory/drills/tasks/page-mapper/README.md index 0f87f2cc00..1cd5db2db1 100644 --- a/chapters/data/process-memory/drills/tasks/page-mapper/README.md +++ b/chapters/data/process-memory/drills/tasks/page-mapper/README.md 
@@ -1,6 +1,6 @@ ## Page Mapper -Navigate to the `chapters/data/process-memory/drills/tasks/page-mapper/support` directory. +Navigate to the `page-mapper/support/` directory in the lab archive (or `chapters/data/process-memory/drills/tasks/page-mapper/support` if you are working directly in the repository). Your goal is to update the `src/page_mapper.c` source code file to reserve virtual pages in the address space of the current process. Use `mmap()` to reserve virtual pages. diff --git a/chapters/data/process-memory/drills/tasks/reference-counting/README.md b/chapters/data/process-memory/drills/tasks/reference-counting/README.md index 7091eaea71..5a82a77206 100644 --- a/chapters/data/process-memory/drills/tasks/reference-counting/README.md +++ b/chapters/data/process-memory/drills/tasks/reference-counting/README.md @@ -1,6 +1,6 @@ # Operator overloading -Navigate to the `chapters/data/process-memory/drills/tasks/reference-counting/support` directory. +Navigate to the `reference-counting/support/` directory in the lab archive (or `chapters/data/process-memory/drills/tasks/reference-counting/support` if you are working directly in the repository). Analyze the `operators.d` file. A `struct` is defined that also implements 4 special functions: a constructor, a copy constructor, an assignment operator and a destructor. Each of these special functions may be called automatically by the compiler: diff --git a/config.yaml b/config.yaml index 3db0f2fe34..c30f82cb95 100644 --- a/config.yaml +++ b/config.yaml @@ -51,6 +51,7 @@ lab_structure: - title: Lab 4 - Investigate Memory filename: lab4.md content: + - reading/lab4.md - tasks/alloc-size.md - tasks/copy.md - tasks/memory-areas.md From 059d905ddcad67abc8d7995a7b34511d2f2200b4 Mon Sep 17 00:00:00 2001 From: Stefan Jumarea Date: Thu, 2 Oct 2025 17:25:20 +0300 Subject: [PATCH 6/6] lab5: Add link to the lab 5 archive Add links to the lab archive and change directory references. 
Signed-off-by: Stefan Jumarea --- chapters/data/memory-security/drills/tasks/aslr/README.md | 2 +- .../drills/tasks/bypassing-stack-protector/README.md | 4 ++-- .../memory-security/drills/tasks/exec-shellcode/README.md | 6 ++---- .../drills/tasks/pointer-arithmetic-leak/README.md | 3 +-- .../memory-security/drills/tasks/stack-protector/README.md | 4 ++-- chapters/data/overview/reading/lab5.md | 1 + config.yaml | 1 + 7 files changed, 10 insertions(+), 11 deletions(-) create mode 100644 chapters/data/overview/reading/lab5.md diff --git a/chapters/data/memory-security/drills/tasks/aslr/README.md b/chapters/data/memory-security/drills/tasks/aslr/README.md index 7ae3036d81..5e9131a1dd 100644 --- a/chapters/data/memory-security/drills/tasks/aslr/README.md +++ b/chapters/data/memory-security/drills/tasks/aslr/README.md @@ -1,6 +1,6 @@ # ASLR -Navigate to `chapters/data/memory-security/drills/tasks/aslr` and run `make skels` to generate the `support/` folder. +Navigate to the `aslr` directory in the lab archive (or `chapters/data/memory-security/drills/tasks/aslr` if you are working directly in the repository) and run `make skels` to generate the `support/` folder. Then navigate to `support/src`. Use the `Makefile.aslr` file to compile the `chapters/data/memory-security/drills/tasks/aslr/support/aslr.c` file: diff --git a/chapters/data/memory-security/drills/tasks/bypassing-stack-protector/README.md b/chapters/data/memory-security/drills/tasks/bypassing-stack-protector/README.md index b464de3c0e..92972125de 100644 --- a/chapters/data/memory-security/drills/tasks/bypassing-stack-protector/README.md +++ b/chapters/data/memory-security/drills/tasks/bypassing-stack-protector/README.md 
@@ -1,9 +1,9 @@ # Bypassing the Stack Protector -Navigate to `chapters/data/memory-security/drills/tasks/bypassing-stack-protector` and run `make skels` to generate the `support/` folder. +Navigate to the `bypassing-stack-protector` directory in the lab archive (or `chapters/data/memory-security/drills/tasks/bypassing-stack-protector` if you are working directly in the repository) and run `make skels` to generate the `support/` folder. Then navigate to `support/src`. -Inspect the `chapters/data/memory-security/drills/tasks/bypassing-stack-protector/support/stack_protector.c` source file. +Inspect the `bypassing-stack-protector/support/stack_protector.c` source file. Compile the program and examine the object code. Try to identify the canary value. Using the `addr` variable, write 2 instructions: one that indexes `addr` to overwrite the canary with the correct value and one that indexes `addr` to overwrite the return address with the address of function `pawned()`. diff --git a/chapters/data/memory-security/drills/tasks/exec-shellcode/README.md b/chapters/data/memory-security/drills/tasks/exec-shellcode/README.md index 01da34895a..d48d8ecf56 100644 --- a/chapters/data/memory-security/drills/tasks/exec-shellcode/README.md +++ b/chapters/data/memory-security/drills/tasks/exec-shellcode/README.md 
@@ -1,11 +1,9 @@ ## Shellcode Executor -Navigate to `chapters/data/memory-security/drills/tasks/exec-shellcode` and run `make skels` to generate the `support/` folder. +Navigate to the `exec-shellcode` directory in the lab archive (or `chapters/data/memory-security/drills/tasks/exec-shellcode` if you are working directly in the repository) and run `make skels` to generate the `support/` folder. Then navigate to `support/src`. -Navigate to the `chapters/data/memory-security/drills/tasks/exec-shellcode/support/` directory. - -Your goal is to update the `src/exec-shellcode.s` source code file to be able to read and execute shellcodes from a given binary files. +Your goal is to update the `exec-shellcode.s` source code file to be able to read and execute shellcodes from a given binary files. The program thus acts as a shellcode tester. A [shellcode](https://cocomelonc.github.io/tutorial/2021/10/09/linux-shellcoding-1.html) is a small program that is commonly used in memory-related security exploits as a form of arbitrary code execution. diff --git a/chapters/data/memory-security/drills/tasks/pointer-arithmetic-leak/README.md b/chapters/data/memory-security/drills/tasks/pointer-arithmetic-leak/README.md index 06e90cd746..58ee7e62a7 100644 --- a/chapters/data/memory-security/drills/tasks/pointer-arithmetic-leak/README.md +++ b/chapters/data/memory-security/drills/tasks/pointer-arithmetic-leak/README.md 
@@ -1,9 +1,8 @@ # Wild Pointer Arithmetic Info Leak -Navigate to `chapters/data/memory-security/drills/tasks/pointer-arithmetic-leak` and run `make skels` to generate the `support/` folder. +Navigate to the `pointer-arithmetic-leak/` in the lab archive (or `chapters/data/memory-security/drills/tasks/pointer-arithmetic-leak` if you are working directly in the repository) and run `make skels` to generate the `support/` folder. Then navigate to `support/src`. -Navigate to the `chapters/data/memory-security/drills/tasks/pointer-arithmetic-leak/support/` directory. Open and analyze the `buff_leak.c` file. The pointer `p` points to the stack. diff --git a/chapters/data/memory-security/drills/tasks/stack-protector/README.md b/chapters/data/memory-security/drills/tasks/stack-protector/README.md index 1f85fee6a8..3e3e35ece1 100644 --- a/chapters/data/memory-security/drills/tasks/stack-protector/README.md +++ b/chapters/data/memory-security/drills/tasks/stack-protector/README.md @@ -1,9 +1,9 @@ # Stack Protector -Navigate to `chapters/data/memory-security/drills/tasks/stack-protector` and run `make skels` to generate the `support/` folder. +Navigate to `stack-protector/` directory in the lab archive (or `chapters/data/memory-security/drills/tasks/stack-protector` if you are working directly in the repository) and run `make skels` to generate the `support/` folder. Then navigate to `support/src`. -Comment the `-fno-stack-protector` switch from the `chapters/data/memory-security/drills/tasks/stack-protector/support/Makefile`, recompile and run the `bo_practice_write` executable. +Comment the `-fno-stack-protector` switch from `stack-protector/support/Makefile`, recompile and run the `bo_practice_write` executable. Examine the binary with `objdump` and identify the instructions that set and test the canary. Observe what happens when a buffer overflow occurs. 
diff --git a/chapters/data/overview/reading/lab5.md b/chapters/data/overview/reading/lab5.md new file mode 100644 index 0000000000..d320a108f4 --- /dev/null +++ b/chapters/data/overview/reading/lab5.md @@ -0,0 +1 @@ +The contents of the lab are located in the [lab archive](https://github.com/cs-pub-ro/operating-systems/raw/refs/heads/lab-archives/Lab_5_Memory_Security.zip) and in the [GitHub repository](https://github.com/cs-pub-ro/operating-systems). diff --git a/config.yaml b/config.yaml index c30f82cb95..a71d04b1f7 100644 --- a/config.yaml +++ b/config.yaml @@ -70,6 +70,7 @@ lab_structure: - title: Lab 5 - Memory Security filename: lab5.md content: + - reading/lab5.md - tasks/pointer-arithmetic-leak.md - tasks/aslr.md - tasks/stack-protector.md
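Review bot: In [PATCH 1/6], the new "Laboratory archives" section of `misc/lab-setup.md` recommends the archives but does not say where to get them or how to unpack them, and the links only arrive per lab in the later patches. Add a sentence that points to the archive link at the top of each lab page (or to the `lab-archives` branch) and names the extraction step, so the recommendation is actionable from this page alone.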
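Review bot: In [PATCH 2/6], the new `reading/lab1.md` links the archive through `raw/refs/heads/lab-archives/Lab_1_Operating_System_Perspective.zip`, which is a branch head, so the zip a student downloads can change without any change to this page, and no checksum is given for code they are then told to build with `make`. Consider linking a tagged release asset or a commit-pinned URL, or publishing a SHA-256 next to the link. The same applies to `lab2.md` through `lab5.md` in patches 3/6 to 6/6.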
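Review bot: In [PATCH 2/6], `basic-syscall/README.md`, the second added line reads "Run `make` and then enter `support/` folder", which is missing the article and switches from "directory" in the previous sentence to "folder". Suggest "Run `make`, then enter the `support/` directory and go through the practice items below."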
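Review bot: In [PATCH 2/6], `syscall-wrapper/README.md`, the repository path in the added line, `chapters/software-stack/system-calls/syscall-wrapper/drills/tasks/support/`, does not match the location of this README in the diff header (`chapters/software-stack/system-calls/drills/tasks/syscall-wrapper/`); the misordered path was carried over from the removed line. The two alternatives also point at different levels (`syscall-wrapper/` in the archive, a `support/` directory in the repository), while the sentence then tells the reader to run `make`. Use `chapters/software-stack/system-calls/drills/tasks/syscall-wrapper/` so both branches of the sentence name the same directory.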
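Review bot: In [PATCH 3/6], `app-investigation/README.md`, the removed line sent the reader into `.../app-investigation/support/`, but the added line stops at `app-investigation` after `make skels` and never enters `support/`. If the practice files are generated under `support/` as in the other tasks of this series, add "then enter `support/`" as the `common-functions` hunk does. The archive path also lacks the trailing slash used elsewhere.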
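Review bot: In [PATCH 3/6], `high-level-lang/README.md`, the added line keeps the typo `spport/` from the removed line and still ends without a period. Since the line is being rewritten anyway, change it to "run `make skels`, then enter `support/`." so the directory name can be copied as written.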
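Review bot: In [PATCH 3/6], `libc/README.md`, the repository path in the added line, `chapters/software-stack/libc/libc/drills/tasks/support/`, does not match where this README lives according to the diff header (`chapters/software-stack/libc/drills/tasks/libc/`). The added line also drops the `make skels` step that the removed line had, so a reader working in the repository is sent to a `support/` directory without the instruction that the other tasks use to generate it. Suggest `chapters/software-stack/libc/drills/tasks/libc/` followed by "run `make skels`, then enter `support/`" for the repository case.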
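Review bot: In [PATCH 4/6], `access-counter/README.md`, the two alternatives in the added line name different levels: `access-counter/` for the archive and `.../access-counter/support` for the repository. The next context line refers to `src/access_counter.c`, which is relative to `support`, so the archive variant should probably be `access-counter/support/`, matching the `alloc-size` and `page-mapper` hunks in patch 5/6.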
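Review bot: In [PATCH 4/6], `memory-access/README.md`, the added line says "if you are running directly in the repository" where every other hunk in the series says "working directly in the repository". Use "working" here as well.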
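Review bot: In [PATCH 4/6], `memory-corruption/README.md`, the added line is missing the comma after the closing parenthesis: "repository) run `make skels` and enter `support/src/`". The removed line had it ("folder, run `make skels`"); restore it as "repository), run `make skels` and enter `support/src/`."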
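Review bot: In [PATCH 6/6], `aslr/README.md`, the unchanged context line after the hunk still tells the reader to compile `chapters/data/memory-security/drills/tasks/aslr/support/aslr.c`, a full repository path that archive users do not have and that omits the `src` component the reader was just sent into with "Then navigate to `support/src`". Extend the hunk to update that line to a path relative to the current directory, as was done for the other tasks in this patch.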
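Review bot: In [PATCH 6/6], `bypassing-stack-protector/README.md`, the second added line gives `bypassing-stack-protector/support/stack_protector.c`, which is relative to the archive root and has no `src/` component, although the preceding context line has already moved the reader into `support/src`. State the file relative to where the reader is (for example just `stack_protector.c`, if that is where it is generated), as the `exec-shellcode` hunk does.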
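Review bot: In [PATCH 6/6], `exec-shellcode/README.md`, the rewritten goal sentence still ends with "from a given binary files", mixing singular and plural. Since this line is touched by the patch, fix it to "from a given binary file".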
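Review bot: In [PATCH 6/6], `pointer-arithmetic-leak/README.md`, the added line reads "Navigate to the `pointer-arithmetic-leak/` in the lab archive", with the noun missing. Suggest "Navigate to the `pointer-arithmetic-leak/` directory in the lab archive".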
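Review bot: In [PATCH 6/6], `stack-protector/README.md`, the first added line is missing the article ("Navigate to `stack-protector/` directory"), and the second gives `stack-protector/support/Makefile` relative to the archive root even though the reader has just been told to navigate to `support/src`. Suggest "Navigate to the `stack-protector/` directory" and a Makefile path stated relative to the directory the reader is in at that point.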