P1L2 Software Security Flashcards
What are stack buffer overflows?
Inserting extra instructions into a command to force an overflow that inserts calls to malware.
The stack buffer is used for
- Local variables
- Parameters passed to the function
- Control information (i.e. return address)
What is shellcode?
The code the attacker wants to launch
What does shellcode do?
1. Creates a shell from machine code.
2. Must have a return address that is a legitimate return address.
What privileges does shellcode allow?
The host program exploited by the shellcode.
The system service or OS root privileges
Variations of buffer overflow
Return-to-libc: return address is overwritten to point to a function in a library.
Heap Overflows: Long-lived data get stored on the heap (alloc/malloc/globals)
OpenSSL Heartbleed: Attacker reads sensitive data
Defense against buffer overflow
Programming languages that are:
- strongly typed
- automatic bounds checks
- automatic memory management
Example of safe language
Java
Example of unsafe language
C
What is the defense if unsafe languages must be used?
Check all input
Use safer functions that do bounds checking
Use automatic tools to analyze code for unsafe functions.
Thwarting Buffer Overflow Attacks
Stack canaries: Values written into the stack frame just before the return address
Address Space Layout Randomization (ASLR): Randomizes the stack, heap, etc.
Non-executable Stack: Used with ASLR. Requires hardware support