Security

John Kostaras jkost at ergoway.gr
Fri Dec 3 11:37:29 EET 2004


I can tell you about buffer overflows. A buffer overflow happens when
someone writes a program that inserts instructions into regions of memory
so as to fill the maximum allowed memory space used by the code of some
program. In this way he writes over the original program in memory, and
instead of the original program being executed, the instructions the
hacker wants are executed. In this way he can e.g. crash the program or
the OS, run some virus, etc.

You will ask me, how is this done? It is done in languages like C/C++,
where no check is made whether e.g. the data of an array exceed the space
that has been allocated by the array:

int array[10];

If you insert e.g. 12 integers into the above array, C does not check the
way e.g. Java does, with the result that it lets you write even past the
10th element of the array. There you can put your own lines of code, which
will be written over the program that follows. In this way the
instructions you put there are executed instead of the normal program!

Usually they put their code on the stack, because whatever is found there
is executed without checks.

The best-known paper on buffer overflows is the following:

One, Aleph (codename), Smashing the Stack for Fun and Profit, Phrack issue
49, November 08, 1996

> Shall we talk a bit about systems security?
> What are "cross-site-scripting" and "buffer-overflow"?
>
> I sort of understand "cross site scripting", but I would like your help
> to understand it fully. (Please, no links. Just a description.)
>
> As for buffer overflow, I understand neither what it is nor why someone
> would carry out an attack of that kind. For what purpose/gain?
>
> Virgin, n.:
>     	An ugly third grader.
>
> --
> linux-greek-users mailing list -- http://lists.hellug.gr
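
The case described in the reply above (12 integers stored into a 10-element array), as an added example that is not part of the original post. `struct frame`, `store_unchecked` and `store_checked` are hypothetical names, and the two `saved` slots are a constructed stand-in for whatever the program keeps next to the array in memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 10

/* Constructed layout: the 10-int array from the post, followed by the
 * data that happens to sit right after it in memory. */
struct frame {
    int array[SLOTS];
    int saved[2];
};

/* Unchecked copy: the count is trusted, as C does by default.
 * The copy targets the whole struct so that the spill into `saved` is
 * well-defined and repeatable (the demo never passes more than 12);
 * writing array[10] directly would be undefined behaviour. */
static void store_unchecked(struct frame *f, const int *src, size_t count)
{
    memcpy(f, src, count * sizeof(int));
}

/* Checked copy: refuse input larger than the array.
 * Returns 0 on success, -1 when the input is rejected. */
static int store_checked(struct frame *f, const int *src, size_t count)
{
    if (count > SLOTS)
        return -1;
    memcpy(f->array, src, count * sizeof(int));
    return 0;
}

int main(void)
{
    int input[12];                       /* constructed input: 12 integers */
    for (int i = 0; i < 12; i++)
        input[i] = 100 + i;

    struct frame a = { .saved = { 7, 7 } };
    store_unchecked(&a, input, 12);      /* elements 11 and 12 land in saved[] */
    printf("unchecked: saved = %d %d\n", a.saved[0], a.saved[1]);

    struct frame b = { .saved = { 7, 7 } };
    int rc = store_checked(&b, input, 12);
    printf("checked:   rc = %d, saved = %d %d\n", rc, b.saved[0], b.saved[1]);
    return 0;
}
```

On a real stack the neighbouring data can be a saved return address, which is why the length check in `store_checked` is the part that matters.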



