Consider the following C code: void greet {char *arg) { char buffer [16]: printf

Question

Consider the following C code: void greet {char *arg) { char buffer [16]: printf("I am the Senate. What is your name? "): scanf("%s", buffer): printf("It's treason then, %s ", buffer): } int main(int arge char *argv[]) { char beg [6] = 'Kenobi': char end [9] = 'maybe not?': strncat(beg, end, 5): greet(argv[1]): return 0: } What is the line number that has a memory vulnerability and what is this vulnerability called? Just before the program executes line 4, the registers are: %esp: 0xBFFFFB20 %ebp: 0xBFFFFB48 Given this information, describe in detail how an attacker would take advantage of the vulnerability. Also make sure to include the address that the attacker needs to over-write. (Maximum 5 sentences) What would you change to fix the problem in part 1? Given the code as is, would stack canaries prevent exploitation of this vulnerability? Why or why not?

Explanation / Answer

Interviewers would generally want to avoid blasé, typical questions that a candidate would have been able to practice, especially if they have been professionally coached while covering the major cybersecurity topics. Rather than start with asking for the usual short biography, these days most interviewers open with prompting the interviewee to -   

“Tell me about your home network.”

Although there is no right answer for this question, it helps the candidate relax, while pushing them off script. From there, try probing into details and ask relevant questions about decisions.

Related Questions

Navigate

• Browse (All)
• Browse C
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.