equal
deleted
inserted
replaced
23 attack? |
23 attack? |
24 |
24 |
25 \item Why does randomising the addresses from where programs |
25 \item Why does randomising the addresses from where programs |
26 are run help defending against buffer overflow attacks? |
26 are run help defending against buffer overflow attacks? |
27 |
27 |
|
28 \item What is a format string attack? |
|
29 |
28 \item Assume format string attacks allow you to read out the |
30 \item Assume format string attacks allow you to read out the |
29 stack. What can you do with this information? (Hint: Consider what |
31 stack. What can you do with this information? (Hint: Consider what |
30 is stored in the stack.) |
32 is stored in the stack.) |
31 |
33 |
32 \item Assume you can crash a program remotely. Why is this a problem? |
34 \item Assume you can crash a program remotely. Why is this a problem? |
35 overflow attacks? (Hint: Why are C-programs prone to such attacks, |
37 overflow attacks? (Hint: Why are C-programs prone to such attacks, |
36 but not Java programs.) |
38 but not Java programs.) |
37 |
39 |
38 \item When filling the buffer that is attacked with a |
40 \item When filling the buffer that is attacked with a |
39 payload (starting a shell), what is the purpose of |
41 payload (starting a shell), what is the purpose of |
40 padding the string at the beginning with NOP-instructions. |
42 padding the string at the beginning with NOP-instructions. |
|
43 |
|
44 \item \POSTSCRIPT |
41 \end{enumerate} |
45 \end{enumerate} |
42 |
46 |
43 \end{document} |
47 \end{document} |
44 |
48 |
45 %%% Local Variables: |
49 %%% Local Variables: |