Introduction to Buffer Overflows |
Basics of Buffer Overflows |
What is a buffer? |
What is a buffer overflow? |
A computer buffer overflow
– attacker treachery ahead |
Why is this a security problem? |
How could a computer (or programmer) be so dumb? |
Want a more detailed but non-techie explanation? |
ANALOGY: Computer~~Mailroom |
New data overwrites previous data |
Big numbers take multiple mailboxes |
Characters are represented as numbers, too |
Programs end up as numbers
in mailboxes, also! |
Special numbers used as addresses are also stored in mailboxes! |
Programs use addresses for commonly used orders and to change order of actions |
The mailroom is a computer. Computers need programmers to give them orders. |
Really! The mailroom is just like a modern computer on another scale! |
Programmers use subroutines for common functions used many places |
Executing subroutines requires stacks to keep track of returns |
Stacks are essential |
Problem: Pointers to stacks need mailboxes |
Problem: Subroutine data also needs to go on and off the stack, too |
What stacks look like |
All the pieces are in place – one minor error and we’ll see how to hijack the mailroom. |
How to hijack the mailroom: the stack arrangement is the culprit |
Patty wants into that computer! |
Alice goofed, a common mistake, and Patty knows how to take advantage. |
Patty knows where Norman will store her name and that part of her name is a program |
Patty knows that a buffer overflow will ovewrite the return point to go to her program |
Glossary |
Glossary |
Glossary |
About this Project |