Back to Cptr427Winter2010

Hacking Exposed Chapter 10: Hacking Code

Common exploit techniques

• Buffer Overflows and Design Flaws
• Input Validation Attacks

Stack Buffer Overflows

• Easiest and most devastating buffer overrun
• A stack is the computer memory used when functions call other functions.
• Occurs when a program writes to a memory address on the program's stack outside of the intended data structure

Countermeasures

• Practice safe and secure coding standards.
• Check your code.
• Consider prohibiting the use of old C runtime buffer functions.
• Employ stack execution protection.
• Use compiler tools.

Heap/BSS/Data Overflows

• Very similar to stack overflows
• The heap is used by programs to allocate dynamic memory at runtime.

Countermeasures

• Practice safe and secure coding standards.
• Check your code.
• Consider prohibiting the use of old C runtime buffer functions.
• Employ stack execution protection.
• Use compiler tools.

Format String Attacks

• Overwrites portions of memory to give the hacker control over the CPU’s execution flow.
• Takes advantage of misused functions, most notably, the printf() family of functions.

Countermeasures

• Hard code the format specifier in your functions. In other words, be sure to utilize the complete printf() function.

Off-by-One Errors

• When a programmer miscounts something in his conditional statement.

• Eg. if (id < 0 || id > channels_alloc)

Countermeasures

• Check all code carefully

Canonicalization Attacks

• Canonicalization is the process for determining how various forms or characters of a word are resolved to a single name or character.

Countermeasures

• Address the problem with the language you are writing in.
• Be specific about what data your application will accept.

Common Countermeasures

• People:
  • Changing the Culture
  • Talk Softly
  • Carry a Big Stick
  • Security Improves Quality and Efficiency
  • Encode It into Governance
  • Measure, Measure, Measure
  • Accountability
• Process:
  • Appoint a Security Liaison on the Development Team
  • Education, Education, Education
  • Threat Modeling
  • Code Checklists
  • Security in the Development Lifecycle
  • Security Testing
  • Audit or Final Security Review
  • Maintenance
• Technology:
  • Managed Execution Environments
  • Input Validation Libraries
  • Platform Improvements

Conclusion

• Stack Buffer Overflows are easiest and most dangerous buffer overrun hacks.
• printf() most misused function by Format string attacks.
• Canonicalization - the process for determining how various forms or characters of a word are resolved to a single name or character.
• Many common countermeasures.

Quiz

• What is considered the easiest buffer overrun hack?
• Which function is the most misused by Format string attacks?
• Name 3 common countermeasures.

Answers

• Stack Buffer Overflows
• Printf()
• Any of the 18 given