hws/hw03.tex
changeset 466 ddf7315450c9
parent 465 76f9457b8f51
child 521 34775227c84f
equal deleted inserted replaced
465:76f9457b8f51 466:ddf7315450c9
    14   the stack.)
    14   the stack.)
    15 
    15 
    16 \item Why is it crucial for a buffer overflow attack that the stack
    16 \item Why is it crucial for a buffer overflow attack that the stack
    17   grows from higher addresses to lower ones?
    17   grows from higher addresses to lower ones?
    18 
    18 
    19 \item If the attacker uses a buffer overflow attack in order to
    19 \item What does it mean for the stack to be executable and why is this
    20 inject code, why can this code not contain any zero bytes?
    20   important for a buffer overflow attack?
       
    21   
       
    22 \item If the attacker uses a buffer overflow attack in order to inject
       
    23   code, why can this code not contain any zero bytes?
    21 
    24 
    22 \item How does a stack canary help with preventing a buffer-overflow
    25 \item How does a stack canary help with preventing a buffer-overflow
    23   attack?
    26   attack?
    24 
    27 
    25 \item Why does randomising the addresses from where programs 
    28 \item Why does randomising the addresses from where programs are run
    26   are run help defending against buffer overflow attacks?
    29   help defending against buffer overflow attacks?
    27 
    30 
    28 \item What is a format string attack?
    31 \item What is a format string attack?
    29   
    32   
    30 \item Assume format string attacks allow you to read out the
    33 \item Assume format string attacks allow you to read out the
    31   stack. What can you do with this information? (Hint: Consider what
    34   stack. What can you do with this information? (Hint: Consider what
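Review bot: the new item at lines 22-23 ("why can this code not contain any zero bytes?") states as a general fact something that only holds when the overflow goes through a C-string function such as strcpy or gets, which stop copying at the first NUL byte; if the buffer is filled with read() or memcpy() using an explicit length, zero bytes in the payload are harmless. Suggest qualifying the question, e.g. "If the payload is copied into the buffer with strcpy or a similar C-string function, why can the injected code not contain any zero bytes?", so that the NUL-terminator behaviour becomes the thing the student has to explain. Two smaller points in the same hunk: the reflowed item at 28-29 should read "help defend against" rather than "help defending against", and "the addresses from where programs are run" undersells what address randomisation does; "randomising the addresses at which the stack, heap and libraries are placed" would be the more precise wording, since that is what makes a hard-coded return address in the payload miss.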
    35 
    38 
    36 \item How can the choice of a programming language help with buffer
    39 \item How can the choice of a programming language help with buffer
    37   overflow attacks?  (Hint: Why are C-programs prone to such attacks,
    40   overflow attacks?  (Hint: Why are C-programs prone to such attacks,
    38   but not Java programs.)
    41   but not Java programs.)
    39   
    42   
    40 \item When filling the buffer that is attacked with a
    43 \item When filling the buffer that is attacked with a payload
    41 payload (starting a shell), what is the purpose of 
    44   (starting a shell), what is the purpose of padding the string at the
    42 padding the string at the beginning with NOP-instructions.
    45   beginning with NOP-instructions.
    43 
    46 
    44 \item \POSTSCRIPT
    47 \item \POSTSCRIPT
    45 \end{enumerate}
    48 \end{enumerate}
    46 
    49 
    47 \end{document}
    50 \end{document}
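Review bot: the hint at lines 40-41 ("Why are C-programs prone to such attacks, but not Java programs.") overstates the case: Java source cannot overflow a buffer because array accesses are bounds-checked at run time, but a Java program is not immune, since the JVM and any JNI library it loads are native code. Suggest "but Java programs much less so" and ending the hint with a question mark rather than a full stop. The same punctuation point applies to the reworded item at 43-45, which ends "NOP-instructions." although it is a question; while touching it, it would help the students to name the construct, i.e. "a run of NOP instructions (a NOP sled)", since that is the term they will meet in the literature.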