Buffer overflow instruction pointer
The instruction pointer controls which code executes
The instruction pointer is stored on the stack and the stack can be written to, therefore the instruction pointer can be written to
How does a buffer overflow work?
If a buffer is allocated as buffer[16], any input longer than 16 characters will begin to overwrite other things on the stack
How can a buffer overflow be used in an attack?
The attacker sends a long message ending with the address of some code giving them a shell
The code could also be part of the original message
When the function returns, the attacker’s code is run
Where should code be in memory?
The text area
What does the NX-bit provide?
A hardware distinction between the text and stack
The NX-bit
When enabled, the program will crash if the EIP ever points to the stack
Address space layout randomisation (ASLR)
Adds a random offset to the base of the stack and of the code each time the program runs; jumps are adjusted to point to the right location
What is the point of ASLR?
It makes it hard for an attacker to guess the address at which they inject code or the address of particular functions
Stack canaries
At the start of a function a random value from the heap is written to the base of the stack
When the function finishes, the value on the stack is checked against the value on the heap
What happens if an overwrite attempt is made while there is a stack canary?
The value on the stack will be overwritten, leading to a mismatch