Mercurial Mercurial > hg > sen-material / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hws/hw03.tex
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Tue, 04 Oct 2016 13:44:05 +0100
changeset 465 76f9457b8f51
parent 392 4dff36e2bbc6
child 466 ddf7315450c9
permissions -rw-r--r--
updated

\documentclass{article}
\usepackage{../style}


\begin{document}

\section*{Homework 3}

\HEADER

\begin{enumerate}

\item How does a buffer-overflow attack work? (Hint: What happens on
  the stack.)

\item Why is it crucial for a buffer overflow attack that the stack
  grows from higher addresses to lower ones?

\item If the attacker uses a buffer overflow attack in order to
inject code, why can this code not contain any zero bytes?

\item How does a stack canary help with preventing a buffer-overflow
  attack?

\item Why does randomising the addresses from where programs 
  are run help defending against buffer overflow attacks?

\item What is a format string attack?
  
\item Assume format string attacks allow you to read out the
  stack. What can you do with this information? (Hint: Consider what
  is stored in the stack.)

\item Assume you can crash a program remotely. Why is this a problem?

\item How can the choice of a programming language help with buffer
  overflow attacks?  (Hint: Why are C-programs prone to such attacks,
  but not Java programs.)
  
\item When filling the buffer that is attacked with a
payload (starting a shell), what is the purpose of 
padding the string at the beginning with NOP-instructions.

\item \POSTSCRIPT
\end{enumerate}

\end{document}

%%% Local Variables: 
%%% mode: latex
%%% TeX-master: t
%%% End:
sen-material