| Introduction to Buffer Overflows |
| Basics of Buffer Overflows |
| What is a buffer? |
| What is a buffer overflow? |
| A computer buffer overflow – attacker treachery ahead |
| Why is this a security problem? |
| How could a computer (or programmer) be so dumb? |
| Want a more detailed but non-techie explanation? |
| ANALOGY: Computer ≈ Mailroom |
| New data overwrites previous data |
| Big numbers take multiple mailboxes |
| Characters are represented as numbers, too |
| Programs end up as numbers in mailboxes, also! |
| Special numbers used as addresses are also stored in mailboxes! |
| Programs use addresses for commonly used orders and to change order of actions |
| The mailroom is a computer. Computers need programmers to give them orders. |
| Really! The mailroom is just like a modern computer on another scale! |
| Programmers use subroutines for common functions used many places |
| Executing subroutines requires stacks to keep track of returns |
| Stacks are essential |
| Problem: Pointers to stacks need mailboxes |
| Problem: Subroutine data also needs to go on and off the stack, too |
| What stacks look like |
| All the pieces are in place – one minor error and we’ll see how to hijack the mailroom. |
| How to hijack the mailroom: the stack arrangement is the culprit |
| Patty wants into that computer! |
| Alice goofed, a common mistake, and Patty knows how to take advantage. |
| Patty knows where Norman will store her name and that part of her name is a program |
| Patty knows that a buffer overflow will overwrite the return point to go to her program |
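The hijack described by the last few slide titles, as an added worked example in C (it is not part of the original presentation). The stack frame is simulated as a byte array so the demonstration is portable and well-defined; the 16-byte name buffer, the 4-byte saved return address, and the two addresses LEGIT_RETURN and PATTY_PROGRAM are assumptions made for the demonstration, and Patty's "program" is stood in for by filler bytes rather than real machine code. Alice's unchecked copy is shown beside the checked version that would have prevented the overflow.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Simulated stack frame, laid out as the slides describe: first Norman's
 * 16-mailbox name buffer, then the saved return address (4 bytes, as in a
 * classic 32-bit frame), then a few bytes that belong to the caller.
 * A real frame is laid out by the compiler; this byte array is an
 * assumption that keeps every access below well-defined.
 */
#define NAME_LEN   16
#define RET_LEN    sizeof(uint32_t)
#define CALLER_LEN 8
#define FRAME_LEN  (NAME_LEN + RET_LEN + CALLER_LEN)

typedef struct {
    unsigned char bytes[FRAME_LEN];
} frame_t;

/* Made-up addresses for the demonstration (assumptions, not real targets).
 * Neither contains a 0x00 byte, so a string copy carries them whole. */
#define LEGIT_RETURN  0x080484c3u  /* where the subroutine should go back to */
#define PATTY_PROGRAM 0xbffff7a0u  /* where Patty's "name" (her program) sits */

static void frame_init(frame_t *f) {
    uint32_t ret = LEGIT_RETURN;
    memset(f->bytes, 0, sizeof f->bytes);
    memcpy(f->bytes + NAME_LEN, &ret, RET_LEN);   /* saved return address */
}

static uint32_t frame_return_address(const frame_t *f) {
    uint32_t ret;
    memcpy(&ret, f->bytes + NAME_LEN, RET_LEN);
    return ret;
}

/* Alice's goof: copy the name until its terminator, like strcpy()/gets(),
 * never asking whether the 16 mailboxes reserved for it are enough. */
static void store_name_unchecked(frame_t *f, const char *name) {
    unsigned char *dst = f->bytes;
    while (*name != '\0')
        *dst++ = (unsigned char)*name++;   /* keeps going past NAME_LEN */
    *dst = '\0';
}

/* The fix: refuse any name that does not fit, and always terminate it. */
static bool store_name_checked(frame_t *f, const char *name) {
    size_t len = strlen(name);
    if (len >= NAME_LEN)            /* the terminator needs a mailbox too */
        return false;
    memcpy(f->bytes, name, len + 1);
    return true;
}

/* Patty's name: 16 bytes standing in for her program (a real attack puts
 * machine code here), followed by that program's address, which lands
 * exactly on top of the saved return address. Returns bytes written, or
 * 0 if the output buffer is too small. */
static size_t build_attack_name(char *out, size_t cap, uint32_t target) {
    if (cap < NAME_LEN + RET_LEN + 1)
        return 0;
    memset(out, 'P', NAME_LEN);
    memcpy(out + NAME_LEN, &target, RET_LEN);
    out[NAME_LEN + RET_LEN] = '\0';
    return NAME_LEN + RET_LEN;
}

/* Scenario 1: an honest name leaves the return address alone. */
static uint32_t return_after_honest_name(void) {
    frame_t f;
    frame_init(&f);
    store_name_unchecked(&f, "Patty");
    return frame_return_address(&f);
}

/* Scenario 2: Patty's crafted name through Alice's unchecked copy. */
static uint32_t return_after_attack_unchecked(void) {
    frame_t f;
    char name[NAME_LEN + RET_LEN + 1];
    frame_init(&f);
    build_attack_name(name, sizeof name, PATTY_PROGRAM);
    store_name_unchecked(&f, name);
    return frame_return_address(&f);
}

/* Scenario 3: the same crafted name through the checked copy. Returns
 * whether the copy accepted it; the frame's return address is untouched. */
static bool checked_copy_accepts_attack(void) {
    frame_t f;
    char name[NAME_LEN + RET_LEN + 1];
    frame_init(&f);
    build_attack_name(name, sizeof name, PATTY_PROGRAM);
    return store_name_checked(&f, name);
}

static uint32_t return_after_attack_checked(void) {
    frame_t f;
    char name[NAME_LEN + RET_LEN + 1];
    frame_init(&f);
    build_attack_name(name, sizeof name, PATTY_PROGRAM);
    (void)store_name_checked(&f, name);
    return frame_return_address(&f);
}

int main(void) {
    printf("honest name, unchecked copy: return -> 0x%08x\n",
           (unsigned)return_after_honest_name());
    printf("attack name, unchecked copy: return -> 0x%08x (Patty's program)\n",
           (unsigned)return_after_attack_unchecked());
    printf("attack name, checked copy:   %s, return -> 0x%08x\n",
           checked_copy_accepts_attack() ? "accepted" : "rejected",
           (unsigned)return_after_attack_checked());
    return 0;
}
```

The unchecked copy's trailing terminator lands one byte past the saved return address, in the caller's part of the frame; with a longer name it would keep writing into whatever lies beyond, which is exactly the bug. In a real process the copy would have to carry the address without a 0x00 byte (or rely on the terminator to finish it), which is why the two addresses above were chosen without one.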
| Glossary |
| About this Project |