Buffer Overflow
Maddikayala, Jagadish
CSCI 5931
Web Security
Prof. T. Andrew Yang
Monday Feb. 23
What is Buffer Overflow?
- A buffer is a contiguously allocated chunk of memory, such as a C array
  (usually reached through a pointer)
- A buffer overflow occurs when a program or process tries to store more
  data in a buffer than it was sized to hold; the excess bytes are written
  into whatever happens to lie next to the buffer in memory
- Buffer overflows are exploited to change the flow of a program in
  execution, for example by overwriting a saved return address or a
  function pointer
- Buffer overflows have long been among the most commonly exploited bugs
  on Linux/Unix operating systems
CSCI 5931 Web Security
Process Memory Organization

High address
  env, argv strings
  env, argv pointers
  stack    (grows toward lower addresses)
  heap     (grows toward higher addresses)
  .bss     (uninitialised globals and statics, zero-filled at load)
  .data    (initialised globals and statics)
  .text    (program code)
Low address

Where variables live:

  char global;                 /* uninitialised global: global is in .bss */
  int main(){
      char *var = malloc(3);   /* var itself is a stack local; it points  */
      ...                      /* to an address which is in the heap       */
  }

  int main(){
      static int var;          /* uninitialised static: var is in .bss     */
      ...
  }

  char global = 'a';           /* initialised global: global is in .data   */
  int main(){
      ...
  }

  int main(){
      static char var = 'a';   /* initialised static: var is in .data      */
      ...
  }
Buffer Organization
- Storage of the buffer "xyz": one 4-byte word holding x y z \0
  (bytes shown in address order, lowest first)
- Two consecutive buffers, "xyz" and "abcde": "xyz" takes one word;
  "abcde" takes two words, a b c d and then e \0 followed by two unused
  padding bytes
- 1 word = 4 bytes; each buffer is padded up to a whole number of words
Examples

  char a[5] = "yang";
  char b[9] = "security";
  strcpy(b, "maddikayala");
  printf("%s\n", a);

Initial stack organization (a is declared first, so it sits above b;
each buffer is padded to whole 4-byte words; bytes in address order):

  a (2 words):  y a n g | \0 . . .
  b (3 words):  s e c u | r i t y | \0 . . .

After the overflow:

  a (2 words):  y a n g | \0 . . .        unchanged
  b (3 words):  m a d d | i k a y | a l a \0

"maddikayala\0" is 12 bytes. It overruns the 9 bytes of b, but the three
extra bytes land in b's padding, so a survives and the program still
prints "yang". The bug is real but invisible here, which is why such
overflows often go unnoticed until a longer input arrives.
Examples

  char a[4] = "tom";
  char b[8] = "michael";
  strcpy(b, "maddikayala");
  printf("%s\n", a);

Initial stack organization:

  a (1 word):   t o m \0
  b (2 words):  m i c h | a e l \0

After the overflow:

  a (1 word):   a l a \0                  a overwritten
  b (2 words):  m a d d | i k a y

Here both buffers are whole words, so there is no padding to absorb the
excess: the last four bytes "ala\0" are written into a and the program
prints "ala". A longer string would keep writing past a into the saved
frame pointer and return address. (The layout shown is the slide's
assumption; a compiler is free to reorder or pad locals, and writing past
the end of b is undefined behaviour in C.)
This is the kind of vulnerability used in buffer overflow exploits.
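The two examples above, worked as an added C demonstration that is not part of the original slides. Instead of relying on a real compiler's stack layout (which is undefined behaviour and varies), the program models the slides' "b directly below a" layout as one contiguous region, with b at offset 0 and a at an assumed offset `a_off`, and performs the copy with a bounded memcpy so the demo is well-defined. The helper names (`after_overflow`, `layout_init`, `demo_region`) are this example's own. It also adds a case the slides do not draw: example 1 without word padding.

```c
#include <stdio.h>
#include <string.h>

/*
 * Model of the stack layout drawn on the slides: b is declared after a,
 * so it sits directly below a. One contiguous region stands in for the
 * stack: b's slot starts at offset 0, a's slot starts at a_off. Overflowing
 * b therefore writes into a. The copy is a memcpy bounded by region_len,
 * which keeps the demo defined C; a real strcpy(b, src) past the end of b
 * is undefined behaviour and the true layout is compiler/ABI dependent.
 */
#define REGION_MAX 32
char demo_region[REGION_MAX];           /* scratch space for the demos */

/* Zero the region and place the initial strings in their slots. */
static int layout_init(char *region, size_t region_len, size_t a_off,
                       const char *a_init, const char *b_init)
{
    if (a_off >= region_len ||
        strlen(b_init) + 1 > a_off ||               /* b must fit below a */
        strlen(a_init) + 1 > region_len - a_off)    /* a must fit its slot */
        return -1;
    memset(region, 0, region_len);
    memcpy(region, b_init, strlen(b_init) + 1);
    memcpy(region + a_off, a_init, strlen(a_init) + 1);
    return 0;
}

/*
 * Emulates strcpy(b, src) and returns what printf("%s\n", a) would print.
 * Returns NULL if the payload would run past the modelled region, i.e.
 * it would smash whatever lies beyond a (frame pointer, return address).
 */
const char *after_overflow(char *region, size_t region_len, size_t a_off,
                           const char *a_init, const char *b_init,
                           const char *src)
{
    size_t n = strlen(src) + 1;          /* strcpy copies the NUL too */
    if (layout_init(region, region_len, a_off, a_init, b_init) != 0)
        return NULL;
    if (n > region_len)
        return NULL;
    memcpy(region, src, n);              /* the "strcpy(b, src)" */
    return region + a_off;               /* a, as printf would read it */
}

int main(void)
{
    const char *a;

    /* Slide example 1: a[5]="yang", b[9]="security", padded to 8 and 12
       bytes. The 12-byte "maddikayala\0" exactly fills b's padded slot. */
    a = after_overflow(demo_region, 20, 12, "yang", "security", "maddikayala");
    printf("example 1, padded:   a = \"%s\"\n", a);

    /* Same example with no padding (b is exactly 9 bytes): "la\0" lands in a. */
    a = after_overflow(demo_region, 14, 9, "yang", "security", "maddikayala");
    printf("example 1, unpadded: a = \"%s\"\n", a);

    /* Slide example 2: a[4]="tom", b[8]="michael", both whole words, so
       there is no padding and "ala\0" overwrites a. */
    a = after_overflow(demo_region, 12, 8, "tom", "michael", "maddikayala");
    printf("example 2:           a = \"%s\"\n", a);

    /* A payload longer than the whole region would smash past a. */
    a = after_overflow(demo_region, 12, 8, "tom", "michael",
                       "maddikayala-and-more");
    printf("oversized payload:   %s\n", a ? a : "refused (would run past a)");
    return 0;
}
```

The unpadded variant of example 1 is the instructive one: the same source line that is harmless with word-aligned slots corrupts a neighbour as soon as the padding is gone, so whether an overflow is observable depends on layout details the programmer does not control.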
Buffer Overflow Countermeasures
- Write secure code: check lengths before writing and use bounded copies
  (snprintf, fgets, strncpy with explicit termination); never use gets()
- Non-executable buffers: mark the stack (and heap) non-executable so that
  injected code cannot run even if control flow is hijacked
- Advanced debugging tools
  - Fault injection tools
  - Static analysis tools
  - StackShield and StackGuard (StackGuard places a canary word between the
    local buffers and the saved return address and aborts if it has been
    overwritten when the function returns)
- Compilers
  - offer warnings on the use of unsafe constructs such as gets(), strcpy()
  - generate code with built-in safeguards (bounds checks, canaries) that
    detect writes to illegal addresses before they can be exploited
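Two of the countermeasures above, as an added C example that is not from the slides or from the StackGuard project: a bounded replacement for strcpy that reports truncation instead of overrunning, and a user-level model of the StackGuard canary check using a struct to get the "buffer, then canary" adjacency that the compiler would otherwise arrange in the stack frame. `bounded_copy`, `guarded_copy`, `struct guarded` and the canary value are this example's own names and assumptions; the payloads reuse the slides' "michael" and "maddikayala".

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/*
 * 1. "Write secure code": a bounded copy. Never writes more than dst_len
 * bytes, always NUL-terminates, and returns -1 on truncation so the caller
 * cannot miss that the input did not fit.
 */
int bounded_copy(char *dst, size_t dst_len, const char *src)
{
    size_t n = strlen(src);
    if (dst_len == 0)
        return -1;
    if (n >= dst_len) {                  /* no room for src plus its NUL */
        memcpy(dst, src, dst_len - 1);
        dst[dst_len - 1] = '\0';
        return -1;                       /* truncated: caller must handle */
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/*
 * 2. StackGuard-style canary, modelled in user code. StackGuard has the
 * compiler store a canary word between the locals and the saved return
 * address in the prologue and verify it in the epilogue. The struct gives
 * the same adjacency: buf, then the canary (char[8] + uint32_t has no
 * padding, so canary sits at offset 8).
 */
#define CANARY 0xDEADC0DEu               /* assumed fixed value; real  */
                                         /* implementations randomise it */
struct guarded {
    char     buf[8];
    uint32_t canary;
};

/*
 * Stands in for a function that does strcpy(buf, payload) with no bound on
 * buf. The copy targets the frame's object representation and is capped at
 * sizeof *f so the demo stays defined. Returns 1 if the canary is intact
 * at "return" time, 0 if the overflow smashed it.
 */
int guarded_copy(struct guarded *f, const char *payload, size_t n)
{
    f->canary = CANARY;                  /* prologue: plant the canary */
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy((unsigned char *)f, payload, n);   /* the unbounded write */
    return f->canary == CANARY;          /* epilogue: check before return */
}

int main(void)
{
    char dst[8];
    struct guarded frame;
    int rc;

    rc = bounded_copy(dst, sizeof dst, "michael");
    printf("bounded_copy(\"michael\"):     rc=%d dst=\"%s\"\n", rc, dst);
    rc = bounded_copy(dst, sizeof dst, "maddikayala");
    printf("bounded_copy(\"maddikayala\"): rc=%d dst=\"%s\" (truncated)\n", rc, dst);

    printf("canary after \"michael\" (8 bytes):      %s\n",
           guarded_copy(&frame, "michael", 8) ? "intact" : "SMASHED");
    printf("canary after \"maddikayala\" (12 bytes): %s\n",
           guarded_copy(&frame, "maddikayala", 12) ? "intact" : "SMASHED");
    return 0;
}
```

Note what each defence buys: the bounded copy prevents the overwrite, while the canary only detects it after the fact, at function return, and turns a hijack into a crash. A real StackGuard canary is also chosen at runtime (or contains a NUL to stop string copies) so that an attacker cannot simply include the expected value in the payload.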
Thank you
Any questions?