# HG changeset patch
# User Christian Urban
# Date 1412529631 -3600
# Node ID 8fe0dc898c73363110f0619eb11fc194b407d42e
# Parent c75a03ab8ac9a5ec903d7acba54c687e4bf9d3fd
added example1
diff -r c75a03ab8ac9 -r 8fe0dc898c73 handouts/ho03.pdf
Binary file handouts/ho03.pdf has changed
diff -r c75a03ab8ac9 -r 8fe0dc898c73 handouts/ho03.tex
--- a/handouts/ho03.tex Sat Oct 04 15:55:05 2014 +0100
+++ b/handouts/ho03.tex Sun Oct 05 18:20:31 2014 +0100
@@ -23,6 +23,13 @@
 free-riding script-kiddies who use this technology without knowing what are the underlying ideas.
+
+\bigskip
+For buffer overflow attacks to work a number of innocent
+design decisions, which are benign on their own, need to
+conspire against you. One such design decision is how the
+memory is laid out for each process.
+
 \bigskip\bigskip \noindent If you want to know more about buffer overflow attacks, the original Phrack article ``Smashing The Stack For Fun And Profit'' by Elias Levy (also
diff -r c75a03ab8ac9 -r 8fe0dc898c73 progs/example1.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/progs/example1.c Sun Oct 05 18:20:31 2014 +0100
@@ -0,0 +1,8 @@
+void function(int a, int b, int c) {
+ char buffer1[5];
+ char buffer2[10];
+}
+
+void main() {
+ function(1,2,3);
+}
diff -r c75a03ab8ac9 -r 8fe0dc898c73 slides/slides03.pdf
Binary file slides/slides03.pdf has changed
diff -r c75a03ab8ac9 -r 8fe0dc898c73 slides/slides03.tex
--- a/slides/slides03.tex Sat Oct 04 15:55:05 2014 +0100
+++ b/slides/slides03.tex Sun Oct 05 18:20:31 2014 +0100
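Review bot: `void main()` in progs/example1.c is not one of the standard signatures for `main`, and compilers commonly warn about it; `int main(void) {` with a final `return 0;` gives the process a defined exit status. The file also carries no comment saying what it demonstrates, and because `buffer1` and `buffer2` are declared but never used, an optimising build may not reserve any stack space for them. If the program is meant to accompany the handout's new paragraph on how process memory is laid out (an inference from this commit, not stated in the file), a header comment such as `/* Illustrates the stack frame of function(): three int arguments and two local char buffers; build without optimisation to inspect the layout. */` would make that explicit.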
@@ -37,6 +37,57 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
+\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}}
+
+
+\begin{center}
+ \begin{tikzpicture}[scale=1]
+
+ \draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
+ \draw (4.7,1) node {Internet};
+ \draw (-2.7,1.7) node {\footnotesize Application};
+ \draw (0.6,1.7) node {\footnotesize Interface};
+ \draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
+ \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
+
+ \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
+
+ \draw[white] (1.7,1) node (X) {};
+ \draw[white] (3.7,1) node (Y) {};
+ \draw[red, <->, line width = 2mm] (X) -- (Y);
+
+ \draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
+ \end{tikzpicture}
+\end{center}
+
+\begin{itemize}
+\item the idea is make the attack surface smaller and mitigate the
+ consequences of an attack
+\item you need an OS that supports different roles (root vs.~users)
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Weaknesses of Unix AC}
+
+Not just restricted to Unix:
+
+\begin{itemize}
+\item if you have too many roles (i.e.~too finegrained AC), then
+ hierarchy is too complex\\ \textcolor{gray}{you invite situations
+ like\ldots let's be root}\bigskip
+
+\item you can still abuse the system\ldots
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
 \frametitle{A ``Cron''-Attack}
 The idea is to trick a privileged person to do something on your
@@ -45,7 +96,7 @@
 \begin{itemize}
 \item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause
-\footnotesize
+\small
 \begin{minipage}{1.1\textwidth}
 \textcolor{gray}{the shell behind the scenes:}\\
 \textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\
@@ -438,7 +489,38 @@
 \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Memory}
+\begin{itemize}
+\item each process will get a chunk of memory that is organised as
+follows:
+\end{itemize}
+
+\begin{center}
+ \begin{tikzpicture}[scale=0.8]
+ %\draw[step=1cm] (-3,-3) grid (3,3);
+ \draw[line width=1mm] (-2, -3) rectangle (2,3);
+ \draw[line width=1mm] (-2,1) -- (2,1);
+ \draw[line width=1mm] (-2,-1) -- (2,-1);
+ \draw (0,2) node {\large\tt text};
+ \draw (0,0) node {\large\tt heap};
+ \draw (0,-2) node {\large\tt stack};
+
+ \draw (-2.7,3) node[anchor=north east] {\tt\begin{tabular}{@{}l@{}}lower\\ address\end{tabular}};
+ \draw (-2.7,-3) node[anchor=south east] {\tt\begin{tabular}{@{}l@{}}higher\\ address\end{tabular}};
+ \draw[->, line width=1mm] (-2.5,3) -- (-2.5,-3);
+
+ \draw (2.7,-2) node[anchor=west] {\tt grows};
+ \draw (2.7,-3) node[anchor=south west] {\tt\footnotesize older};
+ \draw (2.7,-1) node[anchor=north west] {\tt\footnotesize newer};
+ \draw[|->, line width=1mm] (2.5,-3) -- (2.5,-1);
+ \end{tikzpicture}
+\end{center}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]