COMPUTER SYSTEM SECURITY


This preview shows page 19 - 22 out of 22 pages.

[Figure: stack layout. Labels: guessed address for syscall(); system call # for pause; addr of pop rsi, ret; run_shell; ret address; addr of pop rdi, ret; entry %esp; saved %ebp; new %rbp; buf[127]; buf[0]; new %es]

(4) Invoke the Write syscall

To invoke Write we need to have the following gadgets:

    pop rdi, ret   (socket)
    pop rsi, ret   (buf)
    pop rdx, ret   (buf.len)
    pop rax, ret   (syscall #)
    syscall
PRIVILEGE SEPARATION: uses Unix mechanisms to provide different privileges to different sections of the application.

Principal: what are the entities that have privileges or rights (in Unix, typically invoked by a process), and what are those privileges.

Implementation of principals in UNIX:

    user ID:  32-bit int
    group ID: 32-bit int

Subject: a process, with a process uid and a list of gids.

Object: things that a process might act on, e.g. files, directories, network/sockets, the process itself, memory, file descriptors.

    Files:     read, write, execute, change permission ...
    Directory: unlink, link, rename, create, lookup ...

UNIX: inode ---> uid, gid, permission bits:

             r  w  x
    owner    1  1  0
    group    1  0  0
    other    1  0  0

e.g. open("/etc/passwd")

What checks is the kernel going to perform when the above system call is issued?

    x  /etc
    x  /     (checks whether one has lookup permission on root)
    r  /etc/passwd
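The checks listed for the open() example above, modelled as an added example (not code from the original notes and not kernel code): lookup needs x on every directory, then the requested bit on the file, with exactly one of the owner/group/other classes applying. The inode contents, the uid/gid 1000 subject, and the names may_access and open_check are assumptions made for illustration, as is the rule that uid 0 passes every check.

```c
#include <stdio.h>
#include <sys/types.h>

/* Added illustration: a model of the permission-bit check, not kernel code. */
enum { WANT_X = 1, WANT_W = 2, WANT_R = 4 };
struct inode   { uid_t uid; gid_t gid; unsigned mode; };   /* mode = 9 rwx bits */
struct subject { uid_t uid; const gid_t *gids; size_t ngids; };

/* Exactly one class applies: owner, else group, else other (no fall-through).
   Assumption: uid 0 passes every check (simplified superuser rule). */
static int may_access(const struct inode *ino, const struct subject *s, unsigned want)
{
    unsigned bits = ino->mode & 7;                     /* default class: other */
    size_t i;
    if (s->uid == 0) return 1;
    for (i = 0; i < s->ngids; i++)
        if (s->gids[i] == ino->gid)
            bits = (ino->mode >> 3) & 7;               /* group class */
    if (s->uid == ino->uid)
        bits = (ino->mode >> 6) & 7;                   /* owner class wins */
    return (bits & want) == want;
}

/* path[0..n-2] are directories, path[n-1] is the file. Returns -1 if the open
   is allowed, otherwise the index of the component that refused it. */
int open_check(const struct inode *path, size_t n, const struct subject *s, unsigned want)
{
    size_t i;
    for (i = 0; i + 1 < n; i++)
        if (!may_access(&path[i], s, WANT_X))          /* lookup needs x */
            return (int)i;
    return may_access(&path[n - 1], s, want) ? -1 : (int)(n - 1);
}

/* Constructed inodes for "/", "/etc" and the file; 0644 is the table above. */
static const struct inode normal[3] = { {0, 0, 0755}, {0, 0, 0755}, {0, 0, 0644} };
static const struct inode locked[3] = { {0, 0, 0755}, {0, 0, 0750}, {0, 0, 0644} };
static const struct inode owned[3]  = { {0, 0, 0755}, {0, 0, 0755}, {1000, 1000, 0044} };
static const gid_t user_gids[] = { 1000 };
static const struct subject user = { 1000, user_gids, 1 };

int main(void)
{
    printf("read, normal tree:    %d\n", open_check(normal, 3, &user, WANT_R));
    printf("write, normal tree:   %d\n", open_check(normal, 3, &user, WANT_W));
    printf("read, /etc mode 0750: %d\n", open_check(locked, 3, &user, WANT_R));
    printf("read, own 0044 file:  %d\n", open_check(owned, 3, &user, WANT_R));
    return 0;
}
```

The last two cases are the ones worth noticing: a world-readable file is unreachable once a parent directory drops x for "other", and an owner whose own bits are 0 is refused even though group and other may read.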
File descriptor: the security checks for accessing a file are performed when you open the file in the first place. From there on you have a handle on the file, and anyone with that handle can perform operations on the file. So if you have an open file descriptor in your process, you can access it.

Process: create, kill, debug (ptrace)

Network: connect, listen, read/write, send/receive raw packets

Bootstrap:

    setuid(uid#)   must have uid = 0 (i.e. a superuser)
    setgid(), setgroups()

    login runs with uid = 0
        username, password
        /etc/passwd  (contains mapping table)
        /etc/shadow  (contains actual password)
        setuid(uid)
        exec(/bin/sh)

Setuid binaries: regular executables in a UNIX file system, except that when you call exec on them, the user ID of the process is switched to the owner of the binary. The binary probably has e.g. /bin/su, /bin/sudo

Environment variable: an environment variable is a variable whose value is set outside the program, typically through functionality built into the operating system or microservice. An environment variable is made up of a name/value pair, and any number may be created and available for reference at a point in time.

How to prevent a malicious process from exploiting these setuid binaries? Use the file-system namespace: modify it using the chroot system call.

    chroot("/foo");

  • Fall '16
  • Piyush Rai
  • Pointer
