
Buffer overflow


Technical description

A buffer overflow occurs when data written to a buffer also corrupts data values in memory addresses adjacent to the destination buffer due to insufficient bounds checking.


This can occur when copying data from one buffer to another without first checking that the data fits within the destination buffer.

Example

In the following example, a program has two data items which are adjacent in memory: an 8-byte-long string buffer, A, and a two-byte big-endian integer, B.

char A[8] = "";
unsigned short B = 1979;

Initially, A contains nothing but zero bytes, and B contains the number 1979. Now, the program attempts to store the null-terminated string "excessive" with ASCII encoding in the A buffer.
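The store just described, as an added example that is not code from the article: memory is modelled as a byte array with A at offset 0 and B held big-endian at offset 8, exactly as the article lays it out, and the function names are constructed for this demo. It contrasts the unchecked copy with the length check that keeps the write out of B.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the article's layout: an 8-byte buffer A at
 * offset 0 followed by a two-byte big-endian integer B at offset 8.
 * A byte array keeps the demo defined in C and host-endian independent;
 * the real bug corrupts whatever the compiler happened to place after A. */
#define A_SIZE 8
#define MEM_SIZE (A_SIZE + 2)
static unsigned char mem[MEM_SIZE];

static void reset_memory(void) {
    memset(mem, 0, sizeof mem);        /* A: all zero bytes */
    mem[A_SIZE]     = 1979 >> 8;       /* B = 1979 = 0x07BB, big-endian */
    mem[A_SIZE + 1] = 1979 & 0xFF;
}

static unsigned read_b(void) {
    return ((unsigned)mem[A_SIZE] << 8) | mem[A_SIZE + 1];
}

/* Unchecked copy, as in the article: writes strlen(s)+1 bytes into A with
 * no regard for A's size, so the tail spills into B. Returns B afterwards.
 * (Input is clipped to MEM_SIZE only so the simulation itself stays in bounds.) */
static unsigned unchecked_store(const char *s) {
    size_t n = strlen(s) + 1;
    if (n > MEM_SIZE) n = MEM_SIZE;
    reset_memory();
    memcpy(mem, s, n);                 /* the missing bounds check */
    return read_b();
}

/* Bounds-checked store: compare the needed length, terminator included,
 * against A's capacity before writing. Returns 1 = stored, 0 = rejected. */
static int checked_store(const char *s) {
    size_t need = strlen(s) + 1;
    reset_memory();
    if (need > A_SIZE)
        return 0;                      /* would overflow A; B stays 1979 */
    memcpy(mem, s, need);
    return 1;
}

int main(void) {
    printf("unchecked: B = %u\n", unchecked_store("excessive"));   /* 25856 */
    printf("checked:   %s, B = %u\n",
           checked_store("excessive") ? "stored" : "rejected", read_b());
    return 0;
}
```

With "excessive", bytes 8 and 9 of the region become 'e' (0x65) and the terminator, so B reads back as 0x6500 = 25856; on a little-endian host with a native unsigned short the corrupted value would differ, but the corruption itself would not.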

"excessive" is 9 characters long and encodes to 10 bytes including the terminator, but A can take only 8 bytes. B's value has now been inadvertently replaced by a number formed from part of the character string.

Stack buffer overflow

In software, a stack buffer overflow or stack buffer overrun occurs when a program writes to a memory address on the program's call stack outside of the intended data structure, which is usually a fixed-length buffer.[1][2] Stack buffer overflow bugs are caused when a program writes more data to a buffer located on the stack than is actually allocated for that buffer.


This almost always results in corruption of adjacent data on the stack, and in cases where the overflow was triggered by mistake, will often cause the program to crash or operate incorrectly.

Related: Smashing the Stack for Fun and Profit by Aleph One; Stack smashing.

Buffer overflow protection

Buffer overflow protection refers to various techniques used during software development to enhance the security of executable programs by detecting buffer overflows on stack-allocated variables, and preventing them from causing program misbehavior or from becoming serious security vulnerabilities.


Address space layout randomization

History

In 1997 Memco Software implemented a limited form of stack randomization as part of its SeOS Access Control product.[1] The Linux PaX project first coined the term "ASLR", and published the first design and implementation of ASLR in July 2001.


It is seen as the most complete implementation, providing also kernel stack randomization since October 2002. Compared to other implementations, it is also seen to provide the best layout randomization.[2]

Benefits

Address space randomization hinders some types of security attacks by making it more difficult for an attacker to predict target addresses.

Effectiveness

Address space layout randomization is based upon the low chance of an attacker guessing the locations of randomly placed areas. To defeat the randomization, attackers must successfully guess the positions of all areas they wish to attack. To begin, let us declare the following variables:

– entropy bits of stack top
– entropy bits of mmap() base

Executable space protection

The Burroughs 5000 offered hardware support for executable space protection when it was introduced in 1961; that capability was retained in its successors at least through 2006.


In its implementation of tagged architecture, each word of memory had an associated, hidden tag bit designating it code or data. Thus, user programs cannot write or even read a program word, and data words cannot be executed.

OS implementations

Many operating systems implement or have an available executable space protection policy. Here is a list of such systems in alphabetical order, each with technologies ordered from newest to oldest. For some technologies, there is a summary which gives the major features each technology supports. A technology supplying architecture-independent emulation will be functional on all processors which are not hardware supported.

Android

FreeBSD

Return-to-libc attack

A "return-to-libc" attack is a computer security attack usually starting with a buffer overflow in which a subroutine return address on a call stack is replaced by an address of a subroutine that is already present in the process' executable memory, rendering the NX bit feature useless (if present) and ridding the attacker of the need to inject their own code.


On Unix and Unix-like operating systems the C standard library is commonly used to provide a standard runtime environment for programs written in the C programming language. Although the attacker could make the code return anywhere, libc is the most likely target, as it is almost always linked to the program, and it provides useful calls for an attacker (such as the system function used to execute shell commands).

Return-oriented programming

Return-oriented programming (ROP) is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as non-executable memory and code signing.[1] In this technique, an attacker gains control of the call stack to hijack program control flow and then executes carefully chosen machine instruction sequences, called "gadgets".[2] Each gadget typically ends in a return instruction and is located in a subroutine within the existing program and/or shared library code.


Chained together, these gadgets allow an attacker to perform arbitrary operations on a machine employing defenses that thwart simpler attacks.

Format string vulnerabilities

Integer overflow