APSI

APSI EN 1


Card set details

Cards 10
Language German
Category Computer science
Level University
Created / Updated 19.11.2021 / 19.11.2021
License Not specified
Web link
https://card2brain.ch/box/20211119_apsi

What is a buffer overflow attack?

Copying more data into a buffer than it can hold.

What is the purpose of the following code?

#include <string.h>
#include <stdio.h>
int main (int argc, char *argv[]) {
    if (argc < 2) return 1; // require one program argument
    char s2[4] = "yes"; // set s2 to "yes"
    char s1[4] = "abc"; // set s1 to "abc"
    strcpy(s1, argv[1]); // copy argv[1] into s1 (no bounds check)
    puts(s2); // print s2
    return 0;
}

To overflow the char array s1 with the program arguments and overwrite the char array s2.

What naive approach can be used to secure against buffer overflows and when does it apply?

Stack protection can be implemented. The idea is to place random values on the stack and then verify them. It is usually done to protect the return address of a function:

Stack: <local vars><random value><return address>

 

What are the problems with Stack Protection?

  • Where can it be placed?
  • When should it be checked?
  • Causes extra effort.
  • Does not protect against buffer overflows on the heap

What serious approach can be used to protect against buffer overflows?

Checked buffers can be used. They should perform a size check on every buffer insertion.

How can Checked Buffers be enforced?

  • Code style guides that require them
  • Code reviews
  • Use buffer libraries that do these checks
  • Use a language with safe buffers

What is "Data Leakage by Behaviour"?

A system that replies with overly specific error codes and leaves room to interpret its internals.

How to fix data leakage by behavior?

  • Central error handling that does not reveal too many details
  • Perform exactly the same queries in all situations