1.22.memsfty - CS 161 Computer Security Spring 2010...


CS 161 Computer Security
Spring 2010
Paxson/Wagner
Notes 1/22

Common implementation flaws—memory safety

In the next few lectures we will be looking at software security—problems associated with the software implementation. You may have a perfect design, a perfect specification, perfect algorithms, but still have implementation vulnerabilities. In fact, after configuration errors, implementation errors are probably the largest single class of security errors exploited in practice.

We will start by showing you some common implementation flaws. Because many security-critical applications have been written in C, and because C has peculiar pitfalls of its own, many of these examples will be C-specific. However, implementation flaws can occur at all levels: in improper use of the programming language, the libraries, the operating system, or in the application logic. By far the most common class of implementation flaw is the buffer overrun, so we will start there.

1 Buffer overflow vulnerabilities

We'll start with one of the most common types of error—buffer overflow (also called buffer overrun) vulnerabilities. Buffer overflow vulnerabilities are a particular risk in C. Since it is an especially widely used systems programming language, you might not be surprised to hear that buffer overflows are one of the most pervasive kinds of implementation flaws around.

As a low-level language, we can think of C as a portable assembly language. The programmer is exposed to the bare machine (which is one reason that C is such a popular systems language). A particular weakness that we will discuss is the absence of automatic bounds-checking for array or pointer access. A buffer overflow bug is one where the programmer fails to perform adequate bounds checks, triggering an out-of-bounds memory access that writes beyond the bounds of some memory region. Attackers can use these out-of-bounds memory accesses to corrupt the program's intended behavior.
Let us start with a simple example.

    char buf[80];
    void vulnerable() {
        gets(buf);
    }

In this example, gets() reads as many bytes of input as are available on standard input, and stores them into buf. If the input contains more than 80 bytes of data, then gets() will write past the end of buf, overwriting some other part of memory. This is a bug. This bug typically causes a crash and a core-dump. What might be less obvious is that the consequences can be far worse than that.

To illustrate some of the dangers, we modify the example slightly.

    char buf[80];
    int authenticated = 0;
    void vulnerable() {
        gets(buf);
    }

Imagine that elsewhere in the code, there is a login routine that sets the authenticated flag only if the user proves knowledge of the password. Unfortunately, the authenticated flag is stored in memory right after buf. If the attacker can write 81 bytes of data to buf (with the 81st byte set to a non-zero value), then this will set the authenticated flag to true, and the attacker will gain access.

The program above...
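The overwrite of the authenticated flag described above, shown next to a bounds-checked read, as an added example that is not part of the original notes. The names struct state, unchecked_read, checked_read and flag_after are hypothetical, and the struct is an assumption used to fix the "flag right after buf" layout so the effect is deterministic.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: a struct pins the layout the notes describe (flag directly
   after the 80-byte buffer); separate globals are not guaranteed adjacent. */
struct state {
    char buf[80];
    int authenticated;
};

/* Models gets(): copies every input byte, ignoring sizeof buf. The clamp to
   the struct size only keeps this demo inside one object (well-defined). */
static void unchecked_read(struct state *s, const char *in, size_t n) {
    if (n > sizeof *s) n = sizeof *s;
    memcpy(s, in, n);               /* buf is at offset 0 */
}

/* Bounds-checked read: refuses input that does not fit with its NUL. */
static int checked_read(struct state *s, const char *in, size_t n) {
    if (n >= sizeof s->buf) return -1;
    memcpy(s->buf, in, n);
    s->buf[n] = '\0';
    return 0;
}

/* Feeds n bytes of 'A' (constructed input) and returns the flag afterwards. */
static int flag_after(int use_checked, size_t n) {
    struct state s;
    char input[sizeof s];
    memset(&s, 0, sizeof s);
    memset(input, 'A', sizeof input);
    if (n > sizeof input) n = sizeof input;
    if (use_checked) (void)checked_read(&s, input, n);
    else unchecked_read(&s, input, n);
    return s.authenticated;
}

int main(void) {
    printf("unchecked, 80 bytes: %d\n", flag_after(0, 80));
    printf("unchecked, 81 bytes: %d\n", flag_after(0, 81));
    printf("checked,   81 bytes: %d\n", flag_after(1, 81));
    return 0;
}
```

With 80 bytes the flag stays 0; the 81st byte is the first one to land in authenticated, and the checked read rejects that input before copying anything.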

This note was uploaded on 04/14/2010 for the course CS 161 taught by Professor Staff during the Spring '08 term at University of California, Berkeley.
