Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 30 (Unix/Linux Security Issues II)

Published byReginald Barnett Modified over 6 years ago

Similar presentations

Presentation on theme: "Module 30 (Unix/Linux Security Issues II)"— Presentation transcript:

1 Module 30 (Unix/Linux Security Issues II)
At the end of this module, you'll know more about Unix/Linux security issues. You'll understand more exploits at a little more fundamental level. You'll also get more ideas about how to avoid writing malware-ready code. Module 30

2 Modern Stack Smashing Attacks
Although proponents of the technique thought have Non-executable stack segments would stop buffer overflows, they were wrong. Return-Oriented Programing (ROP ) writes arguments and returns to code (gadets) that appear in libraries just before a return to get some work done. It's a tricky method to get code executed by adjusting the stack but without writing the code in the stack. Every concept people have had about inability to overcome technological barriers to exploiting buffer overflows has ended up being wrong. I attribute this to the fact that both data (locals and parameters) and code (return addresses) appear in the stack. Until we have machines that more closely mimic a Harvard architecture, its best not to write code that lets buffers overflow. Module 30

3 Format String Attacks Format string vulnerabilities, like buffer overflows, result from a program not correctly handling user data. These usually appear in C programs that use printf or sprintf. User input is inserted into a format string without modification and inserts unexpected format characters (%s, %n, etc.) In extreme cases, this can allow arbitrary code to be executed. Module 30

4 Avoiding Format String Errors
“An ounce of prevention is worth a pound of cure.” Although numerous static code checking software has been written to identify format error problems, the best method is to avoid using printf and sprintf entirely. If you must write in C, write in the better C dialect of C++ and use cout rather than printf. Far fewer errors will result. Module 30

5 Input Validation in General
Hacking Exposed 7 cites the case of the Solaris telnet 0-day that allowed anyone to log in as root. Issuing telnet -l “-f user” hostname would cause login (run as root) to receive the command line switch setting -f user which would allow the program to run as that user without providing a password. Two ways to avoid input validation problems: Black Listing: disallow bad input. (Not so good.) “Porter's a good boy. He minds well enough. I just can't think of enough things to tell him not to do.” – Ferrol Sams, Run with the Horsemen. White Listing: allow only good input. (Better when implemented correctly.) To implement this correctly, the parser for whitelisting must be as powerful as the input language. Module 30

6 Arithmetic Error Attacks
All data in hardware represented as binary strings. In signed data (usually twos complement) the most significant bit (MSB) is interpreted as the sign bit. Typical hardware does not know how large an operand is or whether it is signed or not. The code generated by compilers and interpreters must keep track of that. C conversion/coercion rules are notoriously difficult to understand fully, leading to many subtle errors. Highly exploitable integer errors are ones that can lead to buffer overflows. These usually involve loop control variables, or variables that keep track of the length of data structures. Module 30

7 Dangling Reference (Pointer) Attacks
Dangling references occur when heap or stack allocated storage is freed, but pointers to the data are not set to NULL. One way problems occur is when the same storage is freed multiple times. It might seem surprising that this could cause problems, but a vulnerability in CVS (concurrent versioning system) used this method to allow a remote attacker to cause corruption of heap storage and execute arbitrary code. Managing storage manually is hard! Using a system with automated garbage collection is the best option for avoiding these kinds of problems. GC separates the concerns of dealing with storage from dealing with your program. Module 30

Download ppt "Module 30 (Unix/Linux Security Issues II)"

Similar presentations

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
Vulnerabilities in Embedded Harvard Architecture Processors Presented By: Michael J. Hohnka Cyber Vulnerabilities Lead Cyber Innovation Division Communications,

Vulnerabilities in Embedded Harvard Architecture Processors Presented By: Michael J. Hohnka Cyber Vulnerabilities Lead Cyber Innovation Division Communications,
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.

Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
Chapter 15 : Attacking Compiled Applications Alexis Kirat - International Student.

Chapter 15 : Attacking Compiled Applications Alexis Kirat - International Student.
Run-Time Storage Organization

Run-Time Storage Organization
Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.
SQL Injection and Buffer overflow

SQL Injection and Buffer overflow
Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.

Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.
CS252: Systems Programming Ninghui Li Final Exam Review.

CS252: Systems Programming Ninghui Li Final Exam Review.
CSC 386 – Computer Security Scott Heggen. Agenda Introduction to Software Security.

CSC 386 – Computer Security Scott Heggen. Agenda Introduction to Software Security.
Java Security. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security Manager.

Java Security. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security Manager.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
MIPS coding. SPIM Some links can be found such as:

MIPS coding. SPIM Some links can be found such as:
Exploitation: Buffer Overflow, SQL injection, Adobe files Source:

Exploitation: Buffer Overflow, SQL injection, Adobe files Source:
Chapter 6 Buffer Overflow. Buffer Overflow occurs when the program overwrites data outside the bounds of allocated memory It was one of the first exploited.

Chapter 6 Buffer Overflow. Buffer Overflow occurs when the program overwrites data outside the bounds of allocated memory It was one of the first exploited.
Exploiting Buffer Overflows on AIX/PowerPC HP-UX/PA-RISC Solaris/SPARC.

Exploiting Buffer Overflows on AIX/PowerPC HP-UX/PA-RISC Solaris/SPARC.

Similar presentations

Ads by Google