hws/hw03.tex
author Christian Urban <urbanc@in.tum.de>
Mon, 06 Nov 2017 10:40:23 +0000
changeset 561 17cd7fdee7c8
parent 521 34775227c84f

\documentclass{article}
\usepackage{../style}


\begin{document}

\section*{Homework 3}

\HEADER

\begin{enumerate}

\item How does a buffer-overflow attack work? (Hint: What happens on
  the stack.)

\item Why is it crucial for a buffer overflow attack that the stack
  grows from higher addresses to lower ones?

\item What does it mean for the stack to be executable and why is this
  important for a buffer overflow attack?
  
\item If the attacker uses a buffer overflow attack in order to inject
  code, why can this code not contain any zero bytes?

\item How does a stack canary help with preventing a buffer-overflow
  attack?

\item Why does randomising the addresses from where programs are run
  help defend against buffer overflow attacks?

\item What is a format string attack?
  
\item Assume format string attacks allow you to read out the
  stack. What can you do with this information? (Hint: Consider what
  is stored in the stack.)

\item Assume you can crash a program remotely. Why is this a problem?

\item How can the choice of a programming language help with
  preventing buffer overflow attacks?  (Hint: Why are C programs prone
  to such attacks, but Java programs are not?)
  
\item When filling the buffer that is attacked with a payload
  (starting a shell), what is the purpose of padding the string at the
  beginning with NOP-instructions?

\item In the context of buffer-overflow attacks, explain briefly
  what is meant by a \emph{NOP-sledge}.

\item \POSTSCRIPT
\end{enumerate}
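As an added illustration for questions 1, 5 and 10 above (this is not part of the original homework), the following C program simulates a stack frame with a hypothetical layout: a local buffer, a canary word and the saved return address. The unchecked copy shows how bytes written past the buffer reach the canary and then the return address, the checked copy shows the bounds check that a memory-safe language performs automatically, and the canary test shows what a stack protector verifies before returning. The canary and return-address values are constructed placeholders.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simulated stack frame (hypothetical layout, not any real compiler's). The
 * stack grows downward, so the local buffer has the lowest address: bytes
 * written past its end land on the canary and then on the saved return address. */
struct frame { char buf[16]; uint32_t canary; uintptr_t saved_ret; };

#define CANARY_VALUE 0xC0FFEE42u   /* constructed; real canaries are random per run */
#define RET_PLACEHOLDER 0x401000u  /* stands in for the saved return address */
static void frame_init(struct frame *f) {
    memset(f, 0, sizeof *f);
    f->canary = CANARY_VALUE;
    f->saved_ret = RET_PLACEHOLDER;
}

/* Vulnerable pattern: n is never compared with sizeof buf. The clamp to
 * sizeof *f only keeps the demonstration inside the struct object. */
static void copy_unchecked(struct frame *f, const char *src, size_t n) {
    if (n > sizeof *f) n = sizeof *f;
    memcpy((unsigned char *)f + offsetof(struct frame, buf), src, n);
}

/* Hardened form: reject input that does not fit the buffer. */
static int copy_checked(struct frame *f, const char *src, size_t n) {
    if (n > sizeof f->buf) return -1;
    memcpy(f->buf, src, n);
    return 0;
}
/* What a stack protector checks just before the function returns. */
static int canary_intact(const struct frame *f) { return f->canary == CANARY_VALUE; }
/* Feed n bytes of 'A' (constructed input, at most 64) through one of the copies.
 * Unchecked: 0 = frame intact, 1 = canary smashed, 2 = saved return address hit.
 * Checked:   0 = accepted, -1 = rejected; the frame stays intact either way. */
int copy_result(size_t n, int checked) {
    struct frame f; char src[64];
    memset(src, 'A', sizeof src);
    if (n > sizeof src) n = sizeof src;
    frame_init(&f);
    if (checked) return copy_checked(&f, src, n);
    copy_unchecked(&f, src, n);
    if (f.saved_ret != RET_PLACEHOLDER) return 2;
    return canary_intact(&f) ? 0 : 1;
}

int main(void) {
    printf("20 bytes: unchecked -> %d, checked -> %d\n", copy_result(20, 0), copy_result(20, 1));
    return 0;
}
```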

\end{document}

%%% Local Variables: 
%%% mode: latex
%%% TeX-master: t
%%% End: