APSI
APSI EN 1
Flashcard set details
Cards | 10 |
---|---|
Language | German |
Category | Computer science |
Level | University |
Created / Updated | 19.11.2021 / 19.11.2021 |
Licensing | Not specified |
Web link | https://card2brain.ch/box/20211119_apsi |
What is the purpose of the following code?
```c
#include <string.h>
#include <stdio.h>

int main (int argc, char *argv[]) {
    char s2[4] = "yes";   // set s2 to "yes"
    char s1[4] = "abc";   // set s1 to "abc"
    strcpy(s1, argv[1]);  // copy argv[1] into s1
    puts(s2);             // print s2
}
```
To overflow the char array s1 with the program arguments and overwrite the char array s2.
What naive approach can be used to protect against buffer overflows, and when does it apply?
Stack protection can be implemented. The idea is to place random values on the stack and then verify them. This is usually done to protect the return address of a function:
Stack: `<local vars><random value><return address>`
What are the problems with Stack Protection?
- Where can it be placed?
- When should it be checked?
- Causes extra effort.
- Does not protect against buffer overflows on the heap.