You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At the time of this writing, the whole level 2 game is misguided. The fix is not only in that extra checking whether the index is negative, like it is suggested in solution.c. The fix is more about the redesign of the API and concomitant code to apply the information hiding principle by restricting access to the user account structure. An end user should never work directly with low level data. They should only receive a minimum amount of data by which they can be adequately authenticated and authorized by a target system.
How to reproduce
Change line number 1 in hack.c to reference solution.c instead of code.h. Insert the following line in hack.c before the final tests whether admin rights have been acquired:
ua->isAdmin = true;
How to Fix the Bug
Any attacker would seek the path of least resistance to achieve their goals. Why would anyone bother passing negative indexes to the update procedure, when all they need to perform is simply set the matching field to true?
Therefore, the function create_user_account should return a user id whilst update_setting should receive this id. A separate function should be available to read the user's status based upon their id. At any moment in time, all what a user would hold is their unique id and never work with implementation level structures.
Of course, besides making the above changes all inputs must be properly validated, including the suggested change for checking against a negative index value.
The text was updated successfully, but these errors were encountered:
evarga
changed the title
[Bug] Level 2 - Without proper Information hiding security accidents cannot be prevented
[Bug] Level 2 - Without proper information hiding security accidents cannot be prevented
Dec 9, 2023
Excellent approach for how to introduce even more security. Please feel free to open a PR that closes this issue, where you also add into the solution file, explaining the concepts as above :-) Thank you
Summary
At the time of this writing, the whole level 2 game is misguided. The fix is not only in that extra checking whether the index is negative, like it is suggested in
solution.c
. The fix is more about the redesign of the API and concomitant code to apply the information hiding principle by restricting access to the user account structure. An end user should never work directly with low level data. They should only receive a minimum amount of data by which they can be adequately authenticated and authorized by a target system.How to reproduce
Change line number 1 in
hack.c
to referencesolution.c
instead ofcode.h
. Insert the following line inhack.c
before the final tests whether admin rights have been acquired:How to Fix the Bug
Any attacker would seek the path of least resistance to achieve their goals. Why would anyone bother passing negative indexes to the update procedure, when all they need to perform is simply set the matching field to
true
?Therefore, the function
create_user_account
should return a user id whilstupdate_setting
should receive this id. A separate function should be available to read the user's status based upon their id. At any moment in time, all what a user would hold is their unique id and never work with implementation level structures.Of course, besides making the above changes all inputs must be properly validated, including the suggested change for checking against a negative index value.
The text was updated successfully, but these errors were encountered: