- A program writes data to a buffer beyond the intended boundaries.
- Can be used to:
  - Overwrite local variables
  - Overwrite the return address
  - Jump to existing code
  - Jump to our own code
Defence
Stack Canary
A buffer overflow overwrites everything between the buffer and its target (such as the saved return address), so it is hard for it to leave the variables in between untouched. If we place a random, hard-to-guess value (the canary) there and check it before the function returns, we can catch the overflow.
NX Bit
- Data/Stack should never contain executable code.
- The NX bit provides a hardware distinction between Text (code) and Stack (data).
- Used to mark areas of memory as non-executable.
- The program will crash if the instruction pointer (IP) ever points to an NX-marked address.
ASLR
- To run a successful exploit, you need to know the addresses of functions and of the return address on the stack.
- Address space layout randomisation (ASLR) adds a random offset to the stack and the code base each time the program runs.
- Jumps in the program are adjusted to point to the right location.
- The idea is that it is now hard for an attacker to guess the address of their injected code or of particular functions.
- On by default in all major operating systems.
Use “safe” methods
Instead of strcpy use strncpy: char *strncpy(char *destination, const char *source, size_t n);
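As an added example (not from the original notes), the unbounded strcpy pattern next to its bounded replacement. The buffer size NAME_LEN and the function names are assumptions for illustration; the point worth checking is that strncpy limits the write but does not add a terminator when the source fills the whole buffer.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* assumed fixed-size stack buffer for the demo */

/* Unsafe pattern from the notes: strcpy() copies until the source's NUL,
 * so a source longer than dst overwrites whatever lies after it on the
 * stack (other locals, the canary, the saved return address). */
void copy_name_unsafe(char dst[NAME_LEN], const char *src) {
    strcpy(dst, src);                 /* no bound check at all */
}

/* Hardened pattern: strncpy() writes at most n bytes, but if src has n or
 * more characters it does NOT append a NUL, so we reserve the last byte
 * and terminate explicitly. Returns 1 if the input had to be truncated so
 * the caller can reject or log it instead of silently using a cut string. */
int copy_name_safe(char dst[NAME_LEN], const char *src) {
    strncpy(dst, src, NAME_LEN - 1);  /* leave room for the terminator */
    dst[NAME_LEN - 1] = '\0';         /* strncpy may not have added one */
    return strlen(src) >= NAME_LEN;   /* 1 = truncated, 0 = fit entirely */
}

/* Shows the strncpy pitfall: a "naive" call with n == sizeof(dst) and no
 * manual termination. Returns 1 if dst ended up NUL-terminated, else 0. */
int naive_strncpy_is_terminated(const char *src) {
    char dst[NAME_LEN];
    strncpy(dst, src, NAME_LEN);      /* bounded, but maybe unterminated */
    return memchr(dst, '\0', NAME_LEN) != NULL;
}

int main(void) {
    char name[NAME_LEN];
    int truncated = copy_name_safe(name, "this constructed input is longer than sixteen bytes");
    printf("copied \"%s\" (truncated=%d)\n", name, truncated);
    printf("naive strncpy terminated for 16-char source: %d\n",
           naive_strncpy_is_terminated("0123456789abcdef"));
    return 0;
}
```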