handouts/ho03.tex
changeset 326 6e4e9bdedf7b
parent 287 0b9a16ddd625
child 366 34a8f73b2c94
325:48c6751f2173 326:6e4e9bdedf7b
   299 return address and arguments. If it had be the other way
   299 return address and arguments. If it had be the other way
   300 around, then such an overwriting by overflowing a local buffer
   300 around, then such an overwriting by overflowing a local buffer
   301 would just not work. Had the designers of C had just been able
   301 would just not work. Had the designers of C had just been able
   302 to foresee what headaches their way of arranging the stack
   302 to foresee what headaches their way of arranging the stack
   303 caused in the time where computers are accessible from
   303 caused in the time where computers are accessible from
   304 everywhere. 
   304 everywhere?
   305 
   305 
   306 What the outcome of such an attack is can be illustrated with
   306 What the outcome of such an attack is can be illustrated with
   307 the code shown in Figure~\ref{C2}. Under ``normal operation''
   307 the code shown in Figure~\ref{C2}. Under ``normal operation''
   308 this program ask for a login-name and a password. Both of
   308 this program ask for a login-name and a password. Both of
   309 which are stored in \code{char} buffers of length 8. The
   309 which are stored in \code{char} buffers of length 8. The
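Review bot: the question mark introduced at 304 does not rescue the sentence it closes; "Had the designers of C had just been able to foresee ... everywhere" still has a doubled "had" and no main clause, so a reader cannot tell whether a wish or a question is meant. Suggest "If only the designers of C had been able to foresee what headaches their way of arranging the stack would cause in a time where computers are accessible from everywhere." Two slips in the unchanged context of this hunk are worth fixing in the same commit: "If it had be the other way around" (299) should read "had been", and "this program ask for a login-name" (308) should be "asks".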
   664 harder, but not impossible. Indeed, I as an amateur attacker
   664 harder, but not impossible. Indeed, I as an amateur attacker
   665 had to explicitly switch off these defences. I run my example
   665 had to explicitly switch off these defences. I run my example
   666 under an Ubuntu version ``Maverick Meerkat'' from October 
   666 under an Ubuntu version ``Maverick Meerkat'' from October 
   667 2010 and the gcc 4.4.5. I have not tried whether newer versions
   667 2010 and the gcc 4.4.5. I have not tried whether newer versions
   668 would work as well. I tested all examples inside a virtual 
   668 would work as well. I tested all examples inside a virtual 
   669 box\footnote{https://www.virtualbox.org} insulating my main 
   669 box\footnote{\url{https://www.virtualbox.org}} insulating my main 
   670 system from any harm. When compiling the programs I called 
   670 system from any harm. When compiling the programs I called 
   671 the compiler with the following options:
   671 the compiler with the following options:
   672 
   672 
   673 \begin{center}
   673 \begin{center}
   674 \begin{tabular}{l@{\hspace{1mm}}l}
   674 \begin{tabular}{l@{\hspace{1mm}}l}
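Review bot: wrapping the footnote link in \url{} at 669 is the right change (a bare https://... inside \footnote is otherwise typeset as ordinary text, with no line-breaking control and no clickable link), but it only compiles if the preamble loads the url or hyperref package, which is not visible in this hunk; please confirm. In the surrounding lines, "I run my example" (665) should be "I ran my example", and "the gcc 4.4.5" (667) reads more naturally as "gcc 4.4.5".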
   686 of defences like the stack canaries. The fourth again makes it
   686 of defences like the stack canaries. The fourth again makes it
   687 a bit easier to read the code. The final option makes the
   687 a bit easier to read the code. The final option makes the
   688 stack executable, thus the the example in Figure~\ref{C3}
   688 stack executable, thus the the example in Figure~\ref{C3}
   689 works as intended. While this might be considered
   689 works as intended. While this might be considered
   690 cheating....since I explicitly switched off all defences, I
   690 cheating....since I explicitly switched off all defences, I
   691 hope I was able convey that this is actually not too far
   691 hope I was able convey that this is actually not too far from
   692 from realistic scenarios. I have shown you the classic version
   692 realistic scenarios. I have shown you the classic version of
   693 of the buffer overflow attacks. Updated variants do exist.
   693 the buffer overflow attacks. Updated variants do exist. Also
   694 Also one might argue buffer-overflow attacks have been
   694 one might argue buffer-overflow attacks have been solved on
   695 solved on computers (desktops or servers) but the computing
   695 computers (desktops or servers) but the computing landscape of
   696 landscape of nowadays is wider than ever. The main problem
   696 nowadays is wider than ever. The main problem nowadays are
   697 nowadays are embedded systems against which attacker can 
   697 embedded systems against which attacker can equally cause a
   698 equally cause a lot of harm and which are much less defended
   698 lot of harm and which are much less defended. Anthony Bonkoski
   699 against. Anthony Bonkoski makes a similar argument in his 
   699 makes a similar argument in his security blog:
   700 security blog:
       
   701 
   700 
   702 \begin{center}
   701 \begin{center}
   703 \url{http://jabsoft.io/2013/09/25/are-buffer-overflows-solved-yet-a-historical-tale/}
   702 \url{http://jabsoft.io/2013/09/25/are-buffer-overflows-solved-yet-a-historical-tale/}
   704 \end{center}
   703 \end{center}
   705 
   704
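Review bot: the typos in this paragraph survive the reflow of 691-700, because only the line breaks changed: "thus the the example" (688) has a doubled "the", "cheating....since" (690) should be "cheating, since" or a proper three-dot ellipsis, "I hope I was able convey" (691) is missing "to", and "against which attacker can" (697) should be "attackers". The one wording change, "much less defended against" to "much less defended" (698), is an improvement. The \begin{center} ... \url{...} ... \end{center} block holding the blog reference is balanced on both sides of the hunk.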