
hello
I always hear people teach me to write code in a secure manner to avoid buffer overrun attacks. However, even today I do not know how such weaknesses are discovered, since most private code is kept proprietary.

2007-11-25 14:07:20 · 2 answers · asked by david w 5 in Computers & Internet Security

2 answers

The answer is because most programs, such as Windows, are written in C. C doesn't automatically do range checks for variables. While the code is proprietary, some variables are known, plus some of the hardest-hitting worms/viruses have come about after technical details were released with the patch to fix it. Virus writers read the security details and write worms to exploit it.

"The problem of buffer overruns in C programs has been recognized since the early '70s as one possible consequence of the C language data-integrity model. The C programming language does not automatically support bounds-checking internally when initializing, copying or moving data between or into variables."

2007-11-25 14:16:26 · answer #1 · answered by Anonymous · 0 0

There is no "practical" scenario for a buffer overrun. It always occurs maliciously. Someone has to construct a message header that looks like it is legit, but it is longer than the standard (or negotiated) size for network or other buffers. AND the code to be attacked has to be near the location of the buffer.

The best way to PREVENT a buffer overrun attack is to always sanity-check the message header vs. where you intended to put it. Then, where possible, buffer the buffer by adding a blank area behind it.

In those rare cases where you have control over the memory management hardware, you could also block access to the segment outside the buffer's true boundaries, but not all programmers have access to that feature.

What you are more likely to have is the ability to know your paging granularity and make your maximum buffer size fit exactly into an integer multiple of the page size. I.e. if your page size is 512 bytes, typical buffer sizes would be 1024, 1536, and 2048 bytes.

As to how such weaknesses are discovered, some folks who are cruel enough (and morally bereft enough) to write code to exploit an overrun weakness were PREVIOUSLY criminal in finding a copy of the code to reverse-engineer. I.e. another illegal act, but obviously they don't care.

In case you couldn't tell, I'm one of those who thinks that hackers are misguided when they say, "We just wanted to prove the weakness." They don't realize that they do more harm than good by such exposure if they publish their findings.

2007-11-25 14:23:05 · answer #2 · answered by The_Doc_Man 7 · 0 0
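Both answers above come down to the same point: C will not stop a copy from running past the end of a buffer, so the program has to compare the length a message header claims against the space it actually has before copying. The following is an added example written for this page, not code from either answerer; the wire format (a 2-byte big-endian length field followed by that many payload bytes), the 64-byte capacity and the sample messages are all constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed format for this example: 2-byte big-endian length, then payload. */
#define PAYLOAD_CAP 64

typedef struct {
    uint16_t declared_len;              /* length the header claimed */
    unsigned char payload[PAYLOAD_CAP]; /* fixed-size destination buffer */
} message_t;

/* Returns 0 on success, -1 if the message is rejected.
 * Three sanity checks stand between the header and the memcpy:
 *  1. the header itself must be present (at least 2 bytes received),
 *  2. the declared length must fit the destination buffer,
 *  3. the declared length must not exceed the bytes actually received
 *     (a header that "lies" about its length is rejected, not trusted). */
int parse_message(const unsigned char *buf, size_t buf_len, message_t *out)
{
    if (buf == NULL || out == NULL) return -1;
    if (buf_len < 2) return -1;                       /* truncated header */

    uint16_t declared = (uint16_t)((buf[0] << 8) | buf[1]);

    if (declared > PAYLOAD_CAP) return -1;            /* would overrun payload[] */
    if ((size_t)declared > buf_len - 2) return -1;    /* claims more than was received */

    out->declared_len = declared;
    memcpy(out->payload, buf + 2, declared);          /* now provably in bounds */
    return 0;
}

/* Constructed sample inputs (not real traffic). */
static const unsigned char GOOD_MSG[]      = {0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
static const unsigned char OVERSIZED_MSG[] = {0x01, 0x00, 'x'};            /* claims 256 bytes */
static const unsigned char TRUNCATED_MSG[] = {0x00, 0x0A, 'a', 'b', 'c'};  /* claims 10, has 3 */

/* Small wrappers so each case can be checked as a return value. */
int parse_good(void)      { message_t m; return parse_message(GOOD_MSG, sizeof GOOD_MSG, &m); }
int parse_oversized(void) { message_t m; return parse_message(OVERSIZED_MSG, sizeof OVERSIZED_MSG, &m); }
int parse_truncated(void) { message_t m; return parse_message(TRUNCATED_MSG, sizeof TRUNCATED_MSG, &m); }

/* Declared length of the accepted sample, or -1 if it was rejected. */
int good_declared_len(void)
{
    message_t m;
    if (parse_message(GOOD_MSG, sizeof GOOD_MSG, &m) != 0) return -1;
    return (int)m.declared_len;
}

int main(void)
{
    printf("good message:      %s\n", parse_good() == 0 ? "accepted" : "rejected");
    printf("oversized header:  %s\n", parse_oversized() == 0 ? "accepted" : "rejected");
    printf("truncated message: %s\n", parse_truncated() == 0 ? "accepted" : "rejected");
    return 0;
}
```

The order of the checks matters: the capacity test runs before the subtraction `buf_len - 2`, which is only safe once the header length test has guaranteed `buf_len >= 2`, and `memcpy` is reached only after both the destination capacity and the received length have been confirmed.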

fedest.com, questions and answers