Question

The success of race condition attacks is usually probabilistic. An attacker may need to run the attack multiple times until successfully modifying /etc/passwd. Your first task is to complete the partially filled shell script that runs vprog in a loop until you detect that /etc/passwd has been modified.

Answer 1

Create a shell script running `vprog` in a loop. It calculates the initial checksum of /etc/passwd, and if modified, breaks the loop. The script ensures a probabilistic approach to race condition attacks.

Here's a basic shell script that runs the `vprog` program in a loop until it detects a modification in the `/etc/passwd` file:

```bash

#!/bin/bash

# Initial checksum of /etc/passwd

initial_checksum=$(md5sum /etc/passwd | cut -d ' ' -f 1)

while true; do

# Run the vprog program

./vprog

# Calculate the current checksum of /etc/passwd

current_checksum=$(md5sum /etc/passwd | cut -d ' ' -f 1)

# Compare the initial and current checksums

if [ "$initial_checksum" != "$current_checksum" ]; then

echo "/etc/passwd has been modified!"

break

fi

# Sleep for a while before the next iteration

sleep 1

done

```

This script uses an infinite loop to repeatedly execute the `vprog` program. Before the loop, it calculates the initial checksum of the `/etc/passwd` file. Inside the loop, after running `vprog`, it calculates the current checksum and compares it with the initial one. If there is a difference, it means that the file has been modified, and the loop breaks. The script includes a sleep between iterations to avoid continuous, resource-intensive checks.