Mercurial Mercurial > hg > sen-material / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hws/hw03.tex
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Mon, 05 Oct 2015 12:25:47 +0100
changeset 392 4dff36e2bbc6
parent 389 9019f84ef99c
child 465 76f9457b8f51
permissions -rw-r--r--
updated

\documentclass{article}
\usepackage{../style}


\begin{document}

\section*{Homework 3}

\HEADER

\begin{enumerate}

\item How does a buffer-overflow attack work? (Hint: What happens on
  the stack.)

\item Why is it crucial for a buffer overflow attack that the stack
  grows from higher addresses to lower ones?

\item If the attacker uses a buffer overflow attack in order to
inject code, why can this code not contain any zero bytes?

\item How does a stack canary help with preventing a buffer-overflow
  attack?

\item Why does randomising the addresses from where programs 
  are run help defending against buffer overflow attacks?

\item Assume format string attacks allow you to read out the
  stack. What can you do with this information? (Hint: Consider what
  is stored in the stack.)

\item Assume you can crash a program remotely. Why is this a problem?

\item How can the choice of a programming language help with buffer
  overflow attacks?  (Hint: Why are C-programs prone to such attacks,
  but not Java programs.)
  
\item When filling the buffer that is attacked with a
payload (starting a shell), what is the purpose of 
padding the string at the beginning with NOP-instructions.  
\end{enumerate}

\end{document}

%%% Local Variables: 
%%% mode: latex
%%% TeX-master: t
%%% End:
sen-material