Presentation is loading. Please wait.

Presentation is loading. Please wait.

Webserver w/user threads

Published byRegina Fisher Modified over 6 years ago

Similar presentations

Presentation on theme: "Webserver w/user threads"— Presentation transcript:

1 CSE Four Fiddy One – Section 7 Project 2 hints VM (process memory, buffer overrun attacks)

2 Webserver w/user threads
Use pthreads for Web server-related parts (parts 4 and 6) We won’t test sioux with user threads

3 Project 2 – questions?

4 Virtual Memory (quick recap)
Physical memory Process’ VM: Another process Disk (Inspired from wikipedia)

5 Virtual Memory (quick recap)
Process’ Page table Physical memory Process’ VM: Another process page frame # Disk

6 Virtual Memory (quick recap)
Process’ Page table Physical memory Process’ VM: Another process page frame # Disk How can we use paging to set up sharing of memory between two processes?

7 Process Memory Organization
0x Code TEXT Initialized/uninitialized global/static variables static int a = 3; DATA Heap char* buff = (char*)malloc(…) 1. 2. Just declare variables on the stack in order and look at their addresses. 3. 0x to 0xBFFFFFFF is the USER SEGMENT, 0xC to 0xFFFFFFFF is the KERNEL SEGMENT. This is the only segmentation Linux uses. STACK What goes here? Program stack 0xBFFFFFFF In figure, stack grows downwards, but it’s not necessary How can you determine the direction in which stack grows? What is in the address range 0xC to 0xFFFFFFFF?

8 Page Replacement Algorithms
What you are NOT doing this quarter: Project 3 - Your job: Replacement Algorithms Given: random You need to write: FIFO LRU Clock One of your choice A few possibilities: True LRU (e.g. via storing full timestamp) Variations on LRU Clock (enhanced second-chance, etc) LFU/MFU Your own! You can write more than 3 if your experiment focuses on replacement algorithms. So we are going to go over some of these instead.

9 Page Replacement Algorithms
FIFO (First in/first out) Replace the oldest page with the one being paged in Not very good in practice, suffers from Belady’s Anomaly Second-Chance (Modified FIFO) FIFO, but skip referenced pages VAX/VMS used this Random Duh Better than FIFO! NFU (Not Frequently Used) Replace the page used the least number of times Better variation: Aging ensures that pages that have not been used for a while go away. NRU (Not Recently Used) Replace a page not used since last clock cycle LRU (Least Recently Used) Replace the least recently used page Works well but expensive to implement. (More efficient variants include LRU-K) LRU Clock (Modified LRU) Replace the least recently used page, with a hard limit on the max time since used Clairvoyant Replace the page that’s going to be needed farthest in the future. Linux 2.4 kernel uses NFU w/Aging

10 Example of Belady’s Anomaly
Page Requests

11 Example (Page Faults in Red)
3 frames Frame 1 Frame 2 Frame 3 3 2 1 4 9 Page Faults

12 Example (Page Faults in Red)
4 frames Frame 1 Frame 2 Frame 3 Frame 4 3 2 1 4 10 Page Faults

13 Stack Overflow Attacks

14 Example What does the process’ memory look like for the following code: void foo(int a, int b, int c) { char buffer1[5]; char buffer2[10]; } void main() { foo(1,2,3); We’re here w/ execution Program stack Global variables Heap Code Draw on board Example taken from “Smashing The Stack For Fun And Profit ”

15 How would you smash the stack?
buffer2 3 words buffer1 2 words SFP 1 word RET 1 word a 1 word b 1 word 1 word c Bottom of stack (0xBFFFFFFF) Word size (4B)

16 Buffer overflows What’s the bug? void foo(char* str) { char buffer[5];
strcpy(buffer, str); } void main() { char large_string[256]; foo(large_string); Example taken from “Smashing The Stack For Fun And Profit ”

17 The stack contents buffer SFP RET *str void foo(char* str) {
Small addr void foo(char* str) { char buffer[5]; strcpy(buffer, str); } void main(int argc, char* argv[]) { foo(argv[1]); buffer SFP RET *str Large addr

18 The stack contents What cmd-line argument should attacker provide?
Small addr void foo(char* str) { char buffer[5]; strcpy(buffer, str); } void main(int argc, char* argv[]) { foo(argv[1]); What cmd-line argument should attacker provide? - Length? - Contents? buffer SFP RET (here address of next byte) + size of malicious code (e.g., shell code -- ) *str Large addr

19 Shell code Program to bring up a shell: If you de-assemble, you get:
#include <stdio.h> void main() { char *name[2]; name[0] = "/bin/sh"; name[1] = NULL; execve(name[0], name, NULL); } If you de-assemble, you get: "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b" "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd” "\x80\xe8\xdc\xff\xff\xff/bin/sh";

20 More information Smashing The Stack For Fun And Profit, Aleph One:

Download ppt "Webserver w/user threads"

Similar presentations

9.4 Page Replacement What if there is no free frame?

9.4 Page Replacement What if there is no free frame?
4.4 Page replacement algorithms

4.4 Page replacement algorithms
Chapter 101 The LRU Policy Replaces the page that has not been referenced for the longest time in the past By the principle of locality, this would be.

Chapter 101 The LRU Policy Replaces the page that has not been referenced for the longest time in the past By the principle of locality, this would be.
Chapter 4 Memory Management Page Replacement 补充:什么叫页面抖动?

Chapter 4 Memory Management Page Replacement 补充:什么叫页面抖动?
Buffer Overflow Prabhaker Mateti Wright State University.

Buffer Overflow Prabhaker Mateti Wright State University.
Smashing the Stack for Fun and Profit

Smashing the Stack for Fun and Profit
1 Virtual Memory Management B.Ramamurthy. 2 Demand Paging 0 1 2 3 4 5 6 7 Main memory LAS 0 LAS 1 LAS 2 (Physical Address Space -PAS) LAS - Logical Address.

1 Virtual Memory Management B.Ramamurthy. 2 Demand Paging Main memory LAS 0 LAS 1 LAS 2 (Physical Address Space -PAS) LAS - Logical Address.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.

Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.
Stack buffer overflow.

Stack buffer overflow.
CS 153 Design of Operating Systems Spring 2015 Lecture 19: Page Replacement and Memory War.

CS 153 Design of Operating Systems Spring 2015 Lecture 19: Page Replacement and Memory War.
Stack buffer overflow http://en.wikipedia.org/wiki/Stack_buffer_overflow.

Stack buffer overflow
Chapter 101 Virtual Memory Chapter 10 Sections 10.1 - 10.3.1 and 10.4 - 10.6 plus10.8.1 (Skip:10.3.2, 10.7, rest of 10.8)

Chapter 101 Virtual Memory Chapter 10 Sections and plus (Skip:10.3.2, 10.7, rest of 10.8)
Buffer Overflow By: John Quach and Napoleon N. Valdez.

Buffer Overflow By: John Quach and Napoleon N. Valdez.
Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns Jonathan Pincus Microsoft Research Brandon Baker Microsoft Carl Hartung CSCI 7143:

Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns Jonathan Pincus Microsoft Research Brandon Baker Microsoft Carl Hartung CSCI 7143:
Buffer Overflow. Process Memory Organization.

Buffer Overflow. Process Memory Organization.
Paging Algorithms Vivek Pai / Kai Li Princeton University.

Paging Algorithms Vivek Pai / Kai Li Princeton University.
Memory Management Virtual Memory Page replacement algorithms

Memory Management Virtual Memory Page replacement algorithms
CSI 400/500 Operating Systems Spring 2009 Lecture #9 – Paging and Segmentation in Virtual Memory Monday, March 2 nd and Wednesday, March 4 th, 2009.

CSI 400/500 Operating Systems Spring 2009 Lecture #9 – Paging and Segmentation in Virtual Memory Monday, March 2 nd and Wednesday, March 4 th, 2009.
1 CSE451 – Section 7. 2 Usual stuff Project 3 will be due Monday the 27 th Experiment design email to TAs: By midnight on Sunday the 19th Today: Project.

1 CSE451 – Section 7. 2 Usual stuff Project 3 will be due Monday the 27 th Experiment design to TAs: By midnight on Sunday the 19th Today: Project.

Similar presentations

Ads by Google