Chapter 10 (Buffer Overflow) Flashcards
what is a buffer overflow
when more input can be placed into a buffer or data holding area than the capacity allocated for it, so it overwrites neighboring information
where are 3 locations a buffer could be located
stack, heap, data section of a process
what are 4 possible consequences of a buffer overflow attack
corruption of prog data
unexpected transfer of control
mem access violations
execution of code selected by attacker
what are 2 things an attacker needs to know to execute a buffer overflow attack
identify vulnerability in some prog that can be triggered using externally sourced data
understand how that buffer is stored in memory and determine potential for corruption
3 ways that you can identify vulnerable programs
inspect program source
trace execution of progs as they process oversized input
using tools such as fuzzing to automatically identify potentially vulnerable programs
what makes a prog lang vulnerable to buffer overflow attacks
when they allow direct access to memory
why is a stack frame needed
when one function calls another it needs somewhere to save return address
also saves parameters to be passed into function
what are some common unsafe C standard lib functions
what is shell code
provided by attacker, transfers control to user command line interpreter (shell)
where is shell code saved
in buffer being overflowed
3 possible things the target program can be
trusted sys utility
network service daemon
commonly used library code
what are these possible functions of
shellcode
2 broad defense approaches against buffer overflow and their aims
compile time: harden programs to resist attacks in new programs
runtime: aim to detect and abort attacks in existing programs
what was the goal of the openBSD project
rewrite unsafe coding
what is 1 compile time defense with C
use a safe variant of std lib functions like libsafe