+19 votes

The textbook talks about this for a bit in section 1.13 Firewalls, but I'm still a little confused on what this actually is from the wording of the text. I understand the end result of control being sent to the attacker, but not the setup of how it occurs.

asked in CSC335_Spring2019 by (8 points)

1 Answer

+11 votes

The way that I understood this talking point from chapter one is that an attacker is able to send an over-sized input to the server's memory, which leads to the overwriting of subsequent portions of memory that typically would not be used for this sort of operation. By doing so, the attacker is able to use the re-written memory to their advantage by having it use low-level programming languages such as C or C++ to create an attack from within. This vulnerability can cause a system crash or provide a way into a network or infrastructure of a company. Secure development practices in the various environments companies set up include regulated tests to ensure that this cannot be done (or at least make it easily done). The practices used are automatic protection at the language level and bounds-checking at run-time on the system. I hope someone can add to this or clarify further because it is definitely interesting!

answered by (8 points)
+9

That mostly sounds right to me, except that the attacker generally overwrites portions of memory with bytes that are in machine language (not C/C++), and then the machine ends up running that code.

Software that was originally written in C/C++ tends to be much more vulnerable to buffer overflows than Java, because Java always checks the length of an array whenever you attempt to assign to it, whereas C/C++ arrays are just pointers, and it can be easy to write data past the end of the array.
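An added illustration of what this comment describes, not code from the thread: a C buffer with no bounds check lets an over-long input overwrite the value stored right after it (here a constructed stand-in for a saved return address), while a length check rejects the same input. The frame layout, marker value and inputs are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define BUF_LEN 8
#define CONTROL_MARK 0x11111111u

/* Constructed model of a stack frame: a fixed-size input buffer followed by a
 * control value standing in for the saved return address. It is one struct so
 * the overwrite stays within defined behaviour for the demonstration. */
struct frame {
    char buf[BUF_LEN];
    uint32_t control;
};

/* Unchecked copy, the C idiom the comment warns about: copies strlen+1 bytes
 * (as strcpy would) with no regard for BUF_LEN, so a long input runs straight
 * into the control value. Returns the control value after the copy. */
static uint32_t run_unchecked(const char *input) {
    struct frame f;
    memset(&f, 0, sizeof f);
    f.control = CONTROL_MARK;
    size_t n = strlen(input) + 1;
    if (n > sizeof f) n = sizeof f;   /* only keeps the model in bounds; strcpy has no such limit */
    memcpy((unsigned char *)&f, input, n);
    return f.control;
}

/* Bounds-checked copy: refuses any input that does not fit together with its
 * terminating NUL. Returns -1 when rejected, otherwise the control value,
 * which is always left intact. */
static long run_checked(const char *input) {
    struct frame f;
    memset(&f, 0, sizeof f);
    f.control = CONTROL_MARK;
    size_t n = strlen(input);
    if (n >= BUF_LEN) return -1;      /* no room for the data plus NUL */
    memcpy(f.buf, input, n + 1);
    return (long)f.control;
}

int main(void) {
    const char *benign = "hello";             /* constructed inputs */
    const char *too_long = "AAAAAAAABBBB";    /* 8 bytes fill buf, 4 more land on control */
    printf("unchecked, benign : control=0x%08x\n", run_unchecked(benign));
    printf("unchecked, long   : control=0x%08x\n", run_unchecked(too_long));
    printf("checked,   long   : %ld (-1 = rejected)\n", run_checked(too_long));
    return 0;
}
```

Java's array assignment would throw on the long input instead of silently writing past the end; the `run_checked` test is the check C leaves to the programmer.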

+6

Awesome! Thank you for the clarification. The few articles I read outside of the text mentioned C/C++, but I missed the machine language part of that bit. This would be interesting to see happen in real time as a demonstration.

...