Each time a function is called, it lays down an activation record on the stack that includes, among other things, the return address that the program should jump to when the function exits, i.e. Attacks that corrupt activation record return addresses overflow automatic variables, i.e. By corrupting the return address in the activation record, the attacker causes the program to jump to attack code when the victim function returns and dereferences the return address.
This form of buffer overflow is called a “stack smashing attack” and constitutes a majority of current buffer overflow attacks.
Since nearly all C programs link with Often, the code to do what the attacker wants is already present in the program’s address space.
The attacker need only parameterize the code, and then cause the program to jump to it.
For instance, if the attack code needs to execute exec("/bin/sh"), and there exists code in libc that executes exec(arg) where arg is a string pointer argument, then the attacker need only change a pointer to point to "/bin/sh" and jump to the appropriate instructions in the libc library. The basic method is to overflow a buffer that has weak or non-existent bounds checking on its input with a goal of corrupting the state of an adjacent part of the program’s state, e.g. By overflowing the buffer, the attacker can overwrite the adjacent program state with a near-arbitrary sequence of bytes, resulting in an arbitrary bypass of C’s type system and the victim program’s logic. The distinguishing factors among overflow attacks are the kind of state corrupted, and where in the memory layout the state is located.
Activation Records, Function Pointers, and Longjmp buffers are all vulnerable.
This is the template for an attack outlined by Levy.
Because the C idiom of allocating a small local buffer to get user or parameter input is so common, there are a lot of instances of code vulnerable to this form of attack.
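As an added illustration of the idiom just described (example code written for this page, not code from the paper or its authors): the unchecked copy into a small automatic buffer, beside a bounded version that refuses input larger than the destination instead of writing past it. Function names are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* The common C idiom the text describes: a small automatic buffer filled
   with no bounds check. Shown only for contrast. With input longer than
   15 bytes, strcpy writes past 'name' into whatever the compiler placed
   above it in the activation record, including the saved return address. */
void greet_unchecked(const char *input) {
    char name[16];
    strcpy(name, input);          /* no bounds check */
    printf("hello, %s\n", name);
}

/* Hardened form: compare the source length against the destination size
   before copying, and reject over-long input rather than truncating it
   silently. Returns true on success, false if the copy would overflow. */
bool copy_bounded(char *dst, size_t dst_size, const char *src) {
    size_t len = strlen(src);
    if (dst_size == 0 || len >= dst_size) {
        return false;             /* would not fit with its NUL: refuse */
    }
    memcpy(dst, src, len + 1);    /* len + 1 copies the terminating NUL */
    return true;
}

/* Same local-buffer idiom, but the copy is bounded by sizeof name. */
bool greet_checked(const char *input) {
    char name[16];
    if (!copy_bounded(name, sizeof name, input)) {
        return false;             /* input too long for the buffer */
    }
    printf("hello, %s\n", name);
    return true;
}
```

The bounded version preserves the fixed-size stack buffer but makes the length check explicit, so the adjacent activation-record state can never be reached by the copy.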