Newer page: version 2, last edited on Sunday, March 7, 2004 3:05:08 pm by AristotlePagaltzis
Older page: version 1, last edited on Sunday, March 7, 2004 2:16:13 am by PerryLorier
@@ -1,5 +1,7 @@
Buffer overflows are
when you read more
data into a buffer than it can hold
overwriting the data of
whatever the next thing
is in memory.
This has been exploited to great effect in recent years due to sloppy C/C++ coding.
+ when data into a buffer , overwriting whatever is in memory. This has been exploited to great effect in recent years due to sloppy C / C++ coding.
The main problem with exploiting buffer overflows is that
grows "down" (ie, to lower addresses
), and you write to
buffers "upwards" (
towards higher addresses) . This means that if
a buffer is stored on
you can overwrite whatever else is on the stack including the
return address of a function. Thus, normally exploits are set up so when
a function returns it returns
into the address of
the buffer, and then arbitary (
usually malicious )
code can be executed
+ the grows "down"), buffers towards higher addresses ) a buffer is the , you can overwrite return address a into the buffer , usually malicious code.
Recently there has been a great deal
of discussion about making
the stack non executable so that
this attack will fail. This however ([IMHO]) is rather pointless
, since you can just set up
the stack in
a way where it runs
of libc functions anyway
you can't do conditionals, but you can make it return into for instance
of "system(3) "
with the parameter
"rm -rf /" on the stack where system would expect
it 's argument
+ of the this attack , the a a of .
+ you can't do conditionals , the of " system(3) with "rm -rf /" on the stack it .
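Review bot: the `+` lines of this hunk carry only the changed words of a word-level wiki diff (for example `+ the grows "down"), buffers towards higher addresses )`), so the replacement paragraphs cannot be read or checked as sentences from this rendering; quote the full new text so the edit can be reviewed. On the content itself, two qualifications are needed. The statement that the stack grows "down" to lower addresses while buffers are written "upwards" holds for x86 and most common targets but is architecture dependent, so it should say "on x86" or "on most architectures" rather than stating it unconditionally. And "This however ([IMHO]) is rather pointless" overstates the case: a non-executable stack does stop the attack the first paragraph describes (returning into the buffer itself when the buffer is on the stack); only the return-into-libc variant described afterwards survives it, so "is not sufficient on its own" is the accurate wording. Finally, "arbitary" should be "arbitrary", "it 's argument" should be "its argument", and "ie" should be "i.e.".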