The goal of this assignment is to find some (deliberate) security
holes in a short program I wrote.  (It's quite possible there are
more than I intended -- you get extra credit if you find a new one,
so long as your attack techniques only target this program and not,
say, my account, the network, etc....)

The program in question is /home/w4187/hw4_bin/pretend-hw

pretend-hw is a bad variant on the homework submission program.
It accepts one or more files and copies them to a submission directory.
I am deliberately not saying anything about what the command does
or what its syntax is.

The goal of this assignment is to figure out what my "homework" is.
The only things you will know for sure, starting out, are first, that
it's stored somewhere under /home/w4187, and second, that it's owned
by user 'smb'.

The actual attack program is likely to be quite small; the real
effort here is in finding the holes.  As such, you need to turn in
a written document explaining your analysis, including the output
of any commands you ran.

*This is not a paper-writing exercise*.  If you found it useful to
run

	snark --boojum

say so, and mention signficant output lines from the program.
Don't bother to explain what snark or its --boojum option do; assume
that I either know or can find out.  An annotated session from the
"script" command, though not quite what I want, is much closer to what
I'm looking for than a technical paper is.  Again -- concentrate on
the techniques; don't spend your time writing or (worse yet)
formatting.

There are at least three (maybe four, depending on how you count)
holes in the program -- impressive, in a source file that's only
158 lines long.  You only need to find one hole.

In addition to those bugs, there may be a buffer overflow.  Since
knowledge of assembler is not a prerequisite for this class, I'm not
asking you to exploit any buffer overflows if they exist.  However,
you *must* write up how you tested for their presence or absence,
and how you reached the conclusion you did.

I do not think you can damage /home/w4187/hw4_bin/pretend-hw;
regardless, it's against the rules to try.  If you think you've
done so accidentally, notify me *immediately*.