Date:      Sun, 28 Oct 2001 15:08:30 +0100 (CET)
From:      Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>
To:        Yuri Muhitov <muhitov@kostasoft.spb.ru>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: BUFFER OVERFLOW EXPLOITS
Message-ID:  <Pine.BSF.4.21.0110281500030.6086-100000@lhotse.zaraska.dhs.org>
In-Reply-To: <2E8E747BA4D4994CB49D56AF57F1728208B295@adv.KOSTASOFT.kostasoft.spb.ru>

On Sun, 28 Oct 2001, Yuri Muhitov wrote:

> Hi!
> 
> How does a 'buffer overflow' exploit work in detail?
> How can an attacker execute arbitrary code on the attacked machine?
> What about 'stack overflow' and 'changing the return address' in a procedure call?
See Aleph1's "Smashing the stack for fun and profit", Phrack 49. Explains
the problem and exploitation techniques.

> Is this a programming, compiler or compiling options error?
> How to avoid this problem in practice (writing programs)?
This is a programmer's error. Most commonly, it occurs when someone copies
data to a statically allocated buffer without boundary checking. Say you
allocated char[1024] and your program allows the user to write more data to
this buffer. Extra user input lands in the memory area after the buffer,
which may produce interesting results.

Look for papers on "secure programming". IIRC there's a section in the FreeBSD
handbook and the Linux Secure Programming HOWTO. These papers also deal with
other programming issues (i.e. insecure /tmp file permissions) that may be
exploitable.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
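As an added illustration of the unbounded-copy pattern the reply describes (a fixed char[1024] buffer that the program lets the user overfill), here is example code written for this edit; it is not from the message, the FreeBSD handbook or the HOWTO. The function names unsafe_copy, safe_copy, handle_input and demo_long_input are hypothetical, and the bounded copy is modelled on the semantics of BSD strlcpy() but implemented inline so it builds anywhere. The unsafe version is never called; it exists only to show the defect next to the check that prevents it.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define BUF_SIZE 1024  /* same size as the char[1024] in the message */

/* The defect from the message: copy into a fixed buffer with no check on
 * how much arrives.  strcpy() stops only at the NUL terminator of src, so
 * input longer than BUF_SIZE - 1 bytes runs past the end of buf into
 * whatever the compiler placed after it.  Kept here for contrast only;
 * it is never invoked. */
void unsafe_copy(const char *user_input)
{
    char buf[BUF_SIZE];
    strcpy(buf, user_input);   /* no boundary check */
    (void)buf;
}

/* Bounded copy (hypothetical helper, strlcpy-like semantics): stores at
 * most dstsize - 1 bytes and always NUL terminates.  Returns true if the
 * whole input fit, false if it had to be truncated, so the caller can
 * reject or log oversized input instead of silently accepting it. */
bool safe_copy(char *dst, size_t dstsize, const char *src)
{
    size_t srclen = strlen(src);
    if (dstsize == 0)
        return false;
    if (srclen >= dstsize) {
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return false;
    }
    memcpy(dst, src, srclen + 1);
    return true;
}

/* Handler in the style of the program the message describes: accepts one
 * line of user data into a fixed buffer.  Returns the number of bytes
 * stored, or -1 if the input was rejected because it did not fit. */
int handle_input(const char *user_input)
{
    char buf[BUF_SIZE];
    if (!safe_copy(buf, sizeof buf, user_input)) {
        fprintf(stderr, "rejected input of %zu bytes (limit %d)\n",
                strlen(user_input), BUF_SIZE - 1);
        return -1;
    }
    return (int)strlen(buf);
}

/* Constructed test input: a 2000-byte string of 'A', i.e. the kind of
 * oversized data that would overrun a 1024-byte buffer under strcpy().
 * Returns what handle_input() does with it. */
int demo_long_input(void)
{
    char big[2000];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return handle_input(big);
}

int main(void)
{
    printf("short input -> %d\n", handle_input("hello"));  /* 5 */
    printf("long input  -> %d\n", demo_long_input());      /* -1 */
    return 0;
}
```

The point of returning a status from safe_copy rather than just truncating is that truncation alone can still be a bug (a path or command silently cut short); the caller decides whether oversized input is an error, and logging it gives an operator a signal that someone is probing the limit.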



