Welcome to CS 110L 👋

Thea Rossman
Winter 2022
Today

● Quick intros
● Why are we here? (issues motivating the class)
● About & plans for the course

● Zoom norms:
○ Please enable video (if you have one)
○ Try to mute yourself when not speaking
○ Please ask and answer questions! Feel free to just unmute, but chat is
fine if you can't do that.
Who are we?
This course and all material were put together by Ryan Eberhardt and
Armin Namavari, with support from Will Crichton and Julio Ballista
Thea (pronounced thee-uh)

● MS/coterm focused on computer networking and systems

● Interest in the Internet / systems grew from CS110 & CS144; + being
adjacent to community broadband projects; interest in security grew from
being adjacent to social movement organizations navigating surveillance,
doxxing, infiltration, etc.
● Knows about systems & teaching systems. Rust newbie.
Who are you?

● Put in the chat...

○ Your name
○ What you're studying OR one fun fact about yourself
○ (Optionally) one thing that intrigues you about the class
Why are we here?
“Convert a String to Uppercase in C,” taken VERBATIM from Tutorials Point

#include <stdio.h>
#include <string.h>
int main() {
char s[100];
int i;
printf("\nEnter a string : ");
gets(s);
for (i = 0; s[i]!='\0'; i++) {
if(s[i] >= 'a' && s[i] <= 'z') {
s[i] = s[i] -32;
}
}
printf("\nString in Upper Case = %s", s);
return 0;
}
From the documentation: https://linux.die.net/man/3/gets
 Anatomy of a Stack Frame
High addresses
; push call arguments, in reverse … previous stuff …
push 3
push 2
push 1 Function parameters
call callee ; call subroutine ‘callee'

callee: Return address

push ebp ; save old call frame
mov ebp, esp ; initialize new call frame Saved base pointer
...do stuff...
mov esp, ebp
pop ebp ; restore old call frame
ret ; return
Local variables

add esp, 12 ; remove call arguments from frame

From https://en.wikipedia.org/wiki/X86_calling_conventions#cdecl Low addresses

 Anatomy of a Stack Frame
High addresses
; push call arguments, in reverse … previous stuff …
push 3
push 2
push 1 Function parameters
call callee ; call subroutine ‘callee'

callee: Return address

push ebp ; save old call frame
mov ebp, esp ; initialize new call frame Saved base pointer
...do stuff...

Local variables

Low addresses
 Anatomy of a Stack Frame
High addresses
; push call arguments, in reverse … previous stuff …
push 3
push 2
push 1 Function parameters
call callee ; call subroutine ‘callee'

callee: Return address

push ebp ; save old call frame
mov ebp, esp ; initialize new call frame Saved base pointer
...do stuff...

Local variables

Low addresses
 Anatomy of a Stack Frame
High addresses
; push call arguments, in reverse … previous stuff …
push 3
push 2
push 1 Function parameters
call callee ; call subroutine ‘callee'

callee: Return address

push ebp ; save old call frame
mov ebp, esp ; initialize new call frame Saved base pointer
...do stuff...

Local variables

Low addresses
 Anatomy of a Stack Frame
High addresses
; push call arguments, in reverse … previous stuff …
push 3
push 2
push 1 Function parameters
call callee ; call subroutine ‘callee'

callee: Return address

push ebp ; save old call frame
mov ebp, esp ; initialize new call frame Saved base pointer
...do stuff...
mov esp, ebp
pop ebp ; restore old call frame
ret ; return
Local variables

💣😓
Low addresses
 Morris Worm (circa 1988)
int main(int argc, char *argv[]) {
char line[512];
struct sockaddr_in sin;
int i, p[2], pid, status;
i = sizeof (sin);
if (getpeername(0, &sin, &i) < 0) fatal(argv[0], "getpeername");
if (gets(line) == NULL) exit(1);
register char *sp = line;
...
if ((pid = fork()) == 0) {
close(p[0]);
if (p[1] != 1) {
dup2(p[1], 1);
close(p[1]);
}
execv("/usr/ucb/finger", av);
_exit(1);
}
...
}
“Convert a String to Uppercase in C,” circa 2021

#include <stdio.h>
#include <string.h>
int main() {
char s[100];
int i;
printf("\nEnter a string : ");
gets(s);
for (i = 0; s[i]!='\0'; i++) {
if(s[i] >= 'a' && s[i] <= 'z') {
s[i] = s[i] -32;
}
}
printf("\nString in Upper Case = %s", s);
return 0;
}
 Okay, well, I'd know better.

Professional engineers don’t make such silly mistakes, right?

 “Like many modern cars, our car’s cellular capabilities facilitate a variety of safety and
convenience features (e.g. the car can automatically call for help if it detects a crash).
However, long-range communication channels also offer an obvious target for potential
attackers…”

The car has a 3G modem, but 3G service isn’t available everywhere (this was especially
true in 2011, when the paper was written). As such, the car also has an analog audio
modem with an associated telephone number! “To synthesize a digital channel in this
environment, the manufacturer uses Airbiquity’s aqLink software modem to covert
between analog waveforms and digital bits.”
“As mentioned earlier, the aqLink code explicitly supports packet sizes up to 1024 bytes.
However, the custom code that glues aqLink to the Command program assumes that
packets will never exceed 100 bytes or so (presumably since well-formatted command
messages are always smaller)”

“We also found that the entire attack can be implemented in a completely blind
fashion — without any capacity to listen to the car’s responses. Demonstrating this, we
encoded an audio file with the modulated post-authentication exploit payload and
loaded that file onto an iPod. By manually dialing our car on an office phone and then
playing this “song” into the phone’s microphone, we are able to achieve the same
results and compromise the car.”

http://www.autosec.org/pubs/cars-usenixsec2011.pdf
 One-byte overflow in Chrome OS:
https://googleprojectzero.blogspot.com/2016/12/chrome-os-exploit-one-byte-overflow-and.html
Spot the overflow

char buffer[128];
int bytesToCopy = packet.length;
if (bytesToCopy < 128) {
strncpy(buffer, packet.data, bytesToCopy);
}
Spot the overflow

char buffer[128];
int bytesToCopy = packet.length;
if (bytesToCopy < 128) { Proper bounds check
strncpy(buffer, packet.data, bytesToCopy);
} Use of strncpy (avoiding unsafe strcpy)
Spot the overflow

Signed char buffer[128];

int bytesToCopy = packet.length;
if (bytesToCopy < 128) {
strncpy(buffer, packet.data, bytesToCopy);
}
Cast to size_t (unsigned)
How can we find and/or prevent
problems like this?

This is the topic of this whole class :)

How can we find and/or prevent problems like this?

● Dynamic analysis: Run the program, watch what it does, and look for
problematic behavior [more in next lecture!]
● Static analysis: read the source code and try to spot the issues [more in next
lecture!]
● Write code differently: create habits and frameworks that make it harder to
produce these kinds of mistakes [more throughout the class!]
● Sandbox: accept that these issues will happen, but try to minimize the
consequences [more in future lecture on browsers!]
How can we find and/or prevent problems like this?

● Dynamic analysis: Run the program, watch what it does, and look for
problematic behavior [more in next lecture!]
○ What if the problematic behavior occurs in some edge case that
doesn't show up in testing?
● Static analysis: read the source code and try to spot the issues [more in next
lecture!]
● Write code differently: create habits and frameworks that make it harder to
produce these kinds of mistakes [more throughout the class!]
● Sandbox: accept that these issues will happen, but try to minimize the
consequences [more in future lecture on browsers!]
How can we find and/or prevent problems like this?

● Dynamic analysis: Run the program, watch what it does, and look for
problematic behavior [more in next lecture!]
● Static analysis: read the source code and try to spot the issues [more in next
lecture!]
○ So you think you can spot every issue ever?
○ (It's mathematically provable that you can't.)
● Write code differently: create habits and frameworks that make it harder to
produce these kinds of mistakes [more throughout the class!]
● Sandbox: accept that these issues will happen, but try to minimize the
consequences [more in future lecture on browsers!]
How can we find and/or prevent problems like this?

● Dynamic analysis: Run the program, watch what it does, and look for problematic
behavior [more in next lecture!]
● Static analysis: read the source code and try to spot the issues [more in next lecture!]
● Write code differently: create habits and frameworks that make it harder to produce
these kinds of mistakes [more throughout the class!]
○ This is where Rust -- and thinking about the philosophy / design choices
behind Rust -- comes in.
○ Possibly makes programming harder? Need to re-train engineers?
● Sandbox: accept that these issues will happen, but try to minimize the
consequences [more in future lecture on browsers!]
○ Equally important!
About CS 110L 👋
Course outline

● Key question: How can we prevent common mistakes in systems

programming?
● This is not a Rust class, although almost all of our programming will be
done in Rust
● How do we find and prevent common mistakes in C/C++?
● How does Rust’s type system prevent common memory safety errors?
● How do you architect good code?
● Avoiding multiprocessing pitfalls
● Avoiding multithreading pitfalls
● Putting all of this into practice: Networked systems
Course outline

● Corequisite: CS 110
● Pass/fail
● You will get out what you put in
● Components:
● Lecture
● Weekly exercises (40%)
● Two projects (40%)
● Participation (20%)
■ Coming to & participating in lecture
■ Asking/answering questions on Slack
Missing classes

● Class is officially in-person (if we can do so in a safer way)

● Communicate with me! Email or Slack.
● If we need a more rigorous hybrid option, I'll try to make one work
● We have recordings of lectures from previous quarters
● Happy to give extensions
Projects

● Project 1: Mini GDB

● Project 2: High-performance web server
● Functionality grading only
● The Rust compiler will be your interactive style grader!
● These projects are intended to give you additional experience in building real
systems, while having to think about some of the safety issues we’re
discussing. These may seem intimidating, but they really aren't!
● Working in groups is encouraged!
● Have a different idea? Let me know!
Exercises

● Each week (ish), there will be small programming problems to reinforce the
week’s lecture material
● Expected time: 1-3 hours
● In addition, you’ll be asked occasionally to complete an anonymous survey
about how the class is going and how we/I can improve
Work for Wednesday

Fill out this intro form: https://forms.gle/gjep8hA4J637amC5A

Join the Slack (Canvas sidebar -> Slack -> Join. All communication will be there!)

(Slides will be posted on website shortly after class.)