Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

ITS > M6: Software security - exploits and privilege escalation - C6 > Flashcards

M6: Software security - exploits and privilege escalation - C6 Flashcards

1
Q

What is a race condition in the context of file systems?

M6: Software security - exploits and privilege escalation - C6

A

It’s when a file’s state changes between the time it’s checked and the time it’s used, potentially leading to security issues.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is a TOCTOU race?

M6: Software security - exploits and privilege escalation - C6

A

Time-of-check to time-of-use race, where changes between checking a condition and using it can be exploited.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How can race conditions be mitigated?

M6: Software security - exploits and privilege escalation - C6

A

By using atomic operations or ensuring the condition and action are inseparable.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is an integer overflow?

M6: Software security - exploits and privilege escalation - C6

A

When a calculation exceeds the maximum value a data type can hold, causing it to wrap around.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is an integer underflow?

M6: Software security - exploits and privilege escalation - C6

A

When a calculation goes below the minimum value a data type can hold, causing it to wrap around.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Why are integer-based vulnerabilities common in C?

M6: Software security - exploits and privilege escalation - C6

A

Because C allows operations between different data types and has weak type safety.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is a buffer overflow?

M6: Software security - exploits and privilege escalation - C6

A

When more data is written to a buffer than it can hold, overwriting adjacent memory.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is a stack-based buffer overflow?

M6: Software security - exploits and privilege escalation - C6

A

An overflow that occurs in the stack memory, often used for function calls and local variables.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How can buffer overflows be exploited?

M6: Software security - exploits and privilege escalation - C6

A

By overwriting memory to execute malicious code or crash the system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is heap spraying?

M6: Software security - exploits and privilege escalation - C6

A

A technique where an attacker fills the heap with malicious code to increase the chances of successful exploitation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is a return-to-libc exploit?

M6: Software security - exploits and privilege escalation - C6

A

An attack that redirects execution to existing library functions instead of injecting new code.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is privilege escalation?

M6: Software security - exploits and privilege escalation - C6

A

Gaining higher access rights than initially granted, often from a regular user to an administrator.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How do attackers use TOCTOU races for privilege escalation?

M6: Software security - exploits and privilege escalation - C6

A

By changing file bindings between checks and actions to gain unauthorized access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the role of the stack pointer (SP) in function calls?

M6: Software security - exploits and privilege escalation - C6

A

It tracks the top of the stack, adjusting as functions push and pop data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the frame pointer (FP) used for?

M6: Software security - exploits and privilege escalation - C6

A

It helps manage stack frames, pointing to the base of the current function’s stack frame.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is a setuid program?

M6: Software security - exploits and privilege escalation - C6

A

A Unix program that runs with the privileges of the file’s owner, not the user who runs it.

17
Q

Why is using the access() syscall for permission checks discouraged?

M6: Software security - exploits and privilege escalation - C6

A

Because it can be exploited in TOCTOU races, leading to unauthorized actions.

18
Q

What is a symbolic link (symlink)?

M6: Software security - exploits and privilege escalation - C6

A

A file that points to another file or directory, used for shortcuts and references.

19
Q

What is a hard link?

M6: Software security - exploits and privilege escalation - C6

A

A directory entry that points to the same inode as another file, effectively creating multiple names for the same file.

20
Q

How can directory permissions affect file security?

M6: Software security - exploits and privilege escalation - C6

A

Improper permissions can allow unauthorized users to modify or replace files.

21
Q

What is the difference between signed and unsigned integers?

M6: Software security - exploits and privilege escalation - C6

A

Signed integers can represent negative values, while unsigned integers can only represent non-negative values.

22
Q

What is sign extension?

M6: Software security - exploits and privilege escalation - C6

A

Extending the sign bit of a smaller integer to a larger integer to preserve its value.

23
Q

What is zero extension?

M6: Software security - exploits and privilege escalation - C6

A

Extending a smaller unsigned integer to a larger integer by adding zeros to the higher-order bits.

24
Q

What is pointer arithmetic in C?

M6: Software security - exploits and privilege escalation - C6

A

Operations that involve adding or subtracting values from pointers, often used for array indexing.

25
Q

How can integer bugs lead to security vulnerabilities?

M6: Software security - exploits and privilege escalation - C6

A

They can cause unexpected behavior, such as buffer overflows or incorrect memory access.

26
Q

What is the carry flag (CF) used for?

M6: Software security - exploits and privilege escalation - C6

A

It indicates an overflow in unsigned arithmetic operations.

27
Q

What is the overflow flag (OF) used for?

M6: Software security - exploits and privilege escalation - C6

A

It indicates an overflow in signed arithmetic operations.

28
Q

How can developers mitigate integer bugs?

M6: Software security - exploits and privilege escalation - C6

A

By using safe integer libraries, compiler checks, and careful coding practices.

29
Q

What is the purpose of the malloc() function in C?

M6: Software security - exploits and privilege escalation - C6

A

To dynamically allocate memory at runtime.

30
Q

How can attackers exploit malloc() with integer overflows?

M6: Software security - exploits and privilege escalation - C6

A

By causing it to allocate incorrect memory sizes, leading to buffer overflows or memory corruption.

ITS (14 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions