Question

In: Computer Science

Describe why a stack canary would not be useful against a heap overflow attack.

Describe why a stack canary would not be useful against a heap overflow attack.

Solutions

Expert Solution

  • An information disclosure flaw in a different part of the program could disclose the global __stack_chk_guard value. This would allow an attacker to write the correct canary value and overwrite the function return address.

  • Not all buffer overflows are on stack. StackGuard cannot prevent heap-based buffer overflows.

  • While StackGuard effectively prevents most stack buffer overflows, some out-of-bounds write bugs can allow the attacker to write to the stack frame after the canary, without overwriting the canary value itself.

  • If a function has multiple local data structures and pointers to functions, these are allocated on the stack as well, before the canary value. If there is a buffer overflow in any one of these structures, the attacker can use this to overwrite adjacent buffers/pointers which could result in arbitrary code execution. This really depends on the arrangement of data on the stack.

  • On some architectures, multi-threaded programs store the reference canary __stack_chk_guard in Thread Local Storage, which is located a few kb after the end of the thread's stack. In these circumstances, a sufficiently large overflow can overwrite both canary and __stack_chk_guard to the same value, causing the detection to incorrectly fail.

  • Lastly, for network applications which fork() child processes, there are techniques for brute forcing canary values. This only works in some limited cases though.

venereology answered 1 year ago
Next > < Previous

Related Solutions

In CP/M why are the stack and the heap on opposite ends of memory? Why is...
In CP/M why are the stack and the heap on opposite ends of memory? Why is the OS at the top of upper memory?
Write a testing program (not sort.c from task 2) that contains a stack buffer overflow vulnerability....
Write a testing program (not sort.c from task 2) that contains a stack buffer overflow vulnerability. Show what the stack layout looks like and explain how to exploit it. In particular, please include in your diagram: (1) The order of parameters (if applicable), return address, saved registers (if applicable), and local variable(s), (2) their sizes in bytes, (3) size of the overflowing buffer to reach return address, and (4) the overflow direction in the stack (5) What locations within the...
Illustrate the stack and the heap allocation. Specify what each variable value holds and where different...
Illustrate the stack and the heap allocation. Specify what each variable value holds and where different references are pointing to. char[] class = {'C','O','M','P','1','2','2'"}; #define int n = 4; long long fibb(long long a, long long b, int n) { return (--n>0)?(fibb(b, a+b, n)):(a); } int main() { fib(3); //illustrate what memory looks like at this point return 0; }
C programming Illustrate the stack and the heap allocation. Specify what each variable value holds and...
C programming Illustrate the stack and the heap allocation. Specify what each variable value holds and where different references are pointing to. int main() { char str[20]; scanf("%[^\n]%*c", str); //illustrate how memory is allocated at this point printf("%s", str); return 0; }
Are bone-marrow derived cells primarily responsible for selecting against newly developed T cells that would attack...
Are bone-marrow derived cells primarily responsible for selecting against newly developed T cells that would attack self-MHC proteins as antigens. Yes, yes of course they are. Is this then an example of negative selection? Explain
C++ Memory Allocation: 1) Write a C++ program that allocates static, stack, & heap memory. Your...
C++ Memory Allocation: 1) Write a C++ program that allocates static, stack, & heap memory. Your program does not need to do anything else.  Indicate via comments where memory for at least one variable in each memory area is allocated. a) Write code that allocates static memory (only include one declaration): b) Write code that allocates stack memory (only include one declaration): c) Write code that allocates heap memory (only include one declaration): 2) Edit the C++ program below to include...
Describe how the Heartbleed attack happens. What is the type of this attack? Where does the...
Describe how the Heartbleed attack happens. What is the type of this attack? Where does the vulnerability exist? Describe the vulnerability and how it is exploited? Describe the consequences of the attack?
Describe one potential new antibiotic or other medical interventions (i.e. bacteriophages) that might be useful against...
Describe one potential new antibiotic or other medical interventions (i.e. bacteriophages) that might be useful against Clostridioides difficile . Explain specifically how this drug would kill the bacteria or interfere with the disease.
What information about an entiity's fixed assets would be useful to an investor? Why would that...
What information about an entiity's fixed assets would be useful to an investor? Why would that information be useful?
One of the most successful attacks against wireless networks (WLAN) is the Evil Twin attack. The...
One of the most successful attacks against wireless networks (WLAN) is the Evil Twin attack. The goal is to introduce an attacker-controlled wireless access point near the “known good” WLAN network. This access point will advertise the exact same SSID as the authorized WLAN. Wireless users may accidently connect to this malicious access point thinking it is part of their authorized network. Once the connection is established, the attacker can initiate a man-in-the-middle attack and capture or relay traffic while...
ADVERTISEMENT
Subjects
ADVERTISEMENT
Latest Questions
ADVERTISEMENT