Memory Safety

Buffer overflow vulnerabilities

You should keep only 61C's config (not 161's config), and when SSHing, you need to explicitly type the usernames: ssh cs61c-xyz@hive22 or ssh cs161-xyz@hive22.

ebp always points to sfp.

看以下这个例子

char buf[8];
int authenticated = 0;
void vulnerable() {
    gets(buf);
}

由于 gets(buf) 不会检查，所以可能导致缓冲区溢出

比如如果攻击者可以将 9 个字节的数据写入 buf （第 9 个字节设置为非零值），则会将 authenticated 标志设置为 true，并且攻击者将能够获得访问权限。

被覆盖的也可以是一个指向地址的指针，这样就会在试图跳转到原本指向的地址时跳转到覆写的任何地址上，从而执行一些恶意指令

void func(int len, char *data){
	
}

memcpy 中的 size_n 是 unsigned 的

Cryptography

In a nutshell, cryptography is about communicating securely over insecure communication channels.

Introduction

这里有个攻击 CS61A 考试的 Lab，如果想做的话可以发邮件给 Maddie

Definition

几个主要角色:

Alice and Bob: The main characters trying to send messages to each other
over an insecure communication channel (之后还会有 Carol 和 Dave)
Eve: An eavesdropper who can read any data sent over the channel (也被称为 honest-but-curious attacker)
Mallory: A manipulator who can read and modify any data sent over the
channel (也被称为 malicious attacker)

三大属性:

Confidentiality(机密性): An adversary cannot read our messages.
Integrity(完整性): An adversary cannot change our messages without being detected.
Authenticity(真实性): I can prove that this message came from the person who
- 注意真实性依赖于完整性(如果信息被篡改，无论信息来源如何都没有意义)