Memory Safety and Violations

Question 1

\what do hardening techniques need to be?

Answer 1

reliable and fast

Question 2

What does a NX bit do?

Answer 2

block execution of writable sections on a hardware level

Question 3

What do stack canaries do?

Answer 3

> generate random value (x)
when a function is called, save x on the stack
when the function returns, check if x has been tampered with

Question 4

What are the advantages of stack canaries?

Answer 4

they are fast, reliable and ominous

Question 5

What does ASLR stand for?

Answer 5

Address Space Layout Randomization

Question 6

How do ASLRs work?

Answer 6

> add a random offset to data sections / dynamic libraries

> for a ret2libc, the attacker needs to know x

Question 7

What are the advantages of ASLR?

Answer 7

fast, reliable, ominous

Question 8

What do hardening techniques aim to do?

Answer 8

Bock an attack in case of a memory vulnerability.

Question 9

What is full memory safety a combination of?

Answer 9

Spatial Memory Safety and Temporal Memory Safety

Question 10

What is the principle of memory safety in space?

Answer 10

code should never read or write outside the memory area

Question 11

What is the principle of memory safety in time?

Answer 11

memory should not be accessed before or after its lifetime

Question 12

Explain a simplified process start

Answer 12

> place binary sections in memory
create a stack
main() starts

Question 13

What pointers does a stack use?

Answer 13

stack pointer at the end, base pointer at the start

Question 14

How does call work?

Answer 14

> saves location of last instruction
saves base pointer
sets base pointer to stack pointer
goes to start of new function

Question 15

Give a quick summary of hacking the stack

Answer 15

> stack overflow
overwrite saved instruction pointer
attacker can choose what code executes next

Question 16

How do you create a heap in C?

Answer 16

char *x = malloc(128);

Question 17

What does the heap need?

Answer 17

a dedicated heap manager