handouts/ho03.tex
changeset 376 8098bde31185
parent 375 3145f522774c
child 377 fed7ce62b6d6
equal deleted inserted replaced
375:3145f522774c 376:8098bde31185
   208 data (Lines 2 to 9). Since there is no real computation going
   208 data (Lines 2 to 9). Since there is no real computation going
   209 on inside \pcode{foo}, the function then just restores the
   209 on inside \pcode{foo}, the function then just restores the
   210 stack to its old state and crucially sets the return address
   210 stack to its old state and crucially sets the return address
   211 where the computation should resume (Line 9 in the code on the
   211 where the computation should resume (Line 9 in the code on the
   212 left-hand side). The instruction \code{ret} then transfers
   212 left-hand side). The instruction \code{ret} then transfers
   213 control back to the function \pcode{main} to the the
   213 control back to the function \pcode{main} to the
   214 instruction just after the call to \pcode{foo}, that is Line
   214 instruction just after the call to \pcode{foo}, that is Line
   215 9.
   215 9.
   216  
   216  
   217 Another part of the ``conspiracy'' of buffer overflow attacks
   217 Another part of the ``conspiracy'' of buffer overflow attacks
   218 is that library functions in C look typically as follows:
   218 is that library functions in C look typically as follows:
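Review bot: the duplicated "the" on line 213 is correctly removed, but the same hunk leaves a style nit in its context: line 218 reads "library functions in C look typically as follows", which would read more naturally as "library functions in C typically look as follows". Since the changeset is already a typo pass over this paragraph, it is worth folding that in.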
   684 compiler to include debugging information and also produce
   684 compiler to include debugging information and also produce
   685 non-optimised code (the latter makes the output of the code a
   685 non-optimised code (the latter makes the output of the code a
   686 bit more predictable). The third is important as it switches
   686 bit more predictable). The third is important as it switches
   687 off defences like the stack canaries. The fourth again makes it
   687 off defences like the stack canaries. The fourth again makes it
   688 a bit easier to read the code. The final option makes the
   688 a bit easier to read the code. The final option makes the
   689 stack executable, thus the the example in Figure~\ref{C3}
   689 stack executable, thus the example in Figure~\ref{C3}
   690 works as intended. While this might be considered
   690 works as intended. While this might be considered
   691 cheating....since I explicitly switched off all defences, I
   691 cheating....since I explicitly switched off all defences, I
   692 hope I was able convey that this is actually not too far from
   692 hope I was able convey that this is actually not too far from
   693 realistic scenarios. I have shown you the classic version of
   693 realistic scenarios. I have shown you the classic version of
   694 the buffer overflow attacks. Updated variants do exist. Also
   694 the buffer overflow attacks. Updated variants do exist. Also
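Review bot: the duplicated "the" on line 689 is correctly removed, but two more typos sit inside this hunk's own context and should go in the same cleanup: line 692 "I hope I was able convey" is missing "to" ("I hope I was able to convey"), and line 691 "cheating....since" uses a four-dot run where either an ellipsis "cheating... since" or a plain comma is intended. Line 694 "the classic version of the buffer overflow attacks" also reads better without the second "the".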