Table of Contents
Introduction
Writing good programs requires understanding how hackers attack.
In this presentation:
- Stack and heap based attacks
- Explanations
- How to exploit
- How to prevent
The Memory
test.h

    /* 1) */ int MAXBUFSIZE = 10;

test.c

    #include "test.h"

    /* 2) */ int noInitNum;

    void test_function(int a, int b) {
        int numberA = a;
        int numberB = b;
    }

    int main() {
        char buffer[MAXBUFSIZE];
        /* 3) */ int numA = 1;
        int numB = 2;
        /* 4) */ test_function(1, 2);
        return 0;
    }

1) is a global initialized variable, so MAXBUFSIZE is stored in the data segment.
2) is a non-initialized variable, so it is stored in the bss segment.
3) is a variable stored in the heap segment.
4) is a call to test_function, so the parameters, the return address and the stack frame pointer are stored on the stack.
Stack Overflow
Main idea: overwrite the return address to take control.
Needs:
- User input
- Root access (SUID bit)
Picture from Transparent Run-Time Defense Against Stack Smashing Attacks by Arash Baratloo and Navjot Singh, Bell Labs Research
TNS Seminar Stack and Heap Overflow
- Don't know the return address location
- Don't know the attack code location
- Don't know the buffer size

The buffer is filled with a repetition of the return address of the malicious code.

The buffer is filled with a repetition of NOP.
Use the stack pointer to estimate the new address.
If the buffer is too small to contain the shell code, NOPs and return address:
- Use the arguments of the program
- Use the environment variable
- Always check the user input
- Tools to detect Stack Overflow
- Warning when using functions below
Heap Overflow
Main idea: overwrite an important variable stored after an overflowable buffer.
Harder to exploit because it depends on the system memory allocator implementation.
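The heap idea above (an important variable stored after an overflowable buffer) and the earlier rule to always check user input, shown together as an added C example that is not part of the original slides. The struct session layout, the function names and the input of 'A' bytes are constructed for illustration; both fields live in one allocation so the unchecked write stays inside its own block.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_SIZE 16

/* Constructed layout: a buffer followed by an important variable. */
struct session {
    char name[NAME_SIZE];
    int  is_admin;
};

/* Unchecked copy: trusts the caller's length. Clamped to the size of the
   allocation so this demo never writes outside its own heap block. */
int copy_unchecked(struct session *s, const char *input, size_t len) {
    if (len > sizeof *s) len = sizeof *s;
    memcpy((unsigned char *)s, input, len);   /* name sits at offset 0 */
    return 0;
}

/* Checked copy: rejects input that does not fit in name with its NUL. */
int copy_checked(struct session *s, const char *input, size_t len) {
    if (len >= NAME_SIZE) return -1;
    memcpy(s->name, input, len);
    s->name[len] = '\0';
    return 0;
}

/* Runs one copy over a fresh heap object and reports is_admin afterwards. */
int is_admin_after(int checked, size_t len) {
    char input[sizeof(struct session)];
    struct session *s = calloc(1, sizeof *s);   /* is_admin starts at 0 */
    int result;
    if (s == NULL) return -1;
    memset(input, 'A', sizeof input);           /* constructed input */
    if (checked) copy_checked(s, input, len);
    else         copy_unchecked(s, input, len);
    result = s->is_admin;
    free(s);
    return result;
}

int main(void) {
    printf("unchecked, 20 bytes: is_admin = %#x\n", (unsigned)is_admin_after(0, 20));
    printf("checked,   20 bytes: is_admin = %#x\n", (unsigned)is_admin_after(1, 20));
    printf("checked,    8 bytes: is_admin = %#x\n", (unsigned)is_admin_after(1, 8));
    return 0;
}
```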
The heap is used to store variables dynamically allocated by the application (malloc).
The data section is initialized at compile time.
The bss section contains uninitialized data and is allocated at run time.
No rules, only memory space.
Only data.
- Don't know the size of the buffer
- Don't know the address to write
- Depends on the operating system
- Stack overflows are well known, and mechanisms exist directly in the OS to prevent them
- New C libraries are defined
- Tools exist to detect overflows
- Easy for developers to prevent
- Heap overflows are dangerous because they are less known
- More difficult to defend against and detect
- More difficult to exploit