Describe why a stack canary would not be useful against a heap overflow attack.

Expert Solution

An information disclosure flaw in a different part of the program could disclose the global __stack_chk_guard value. This would allow an attacker to write the correct canary value and overwrite the function return address.
Not all buffer overflows are on stack. StackGuard cannot prevent heap-based buffer overflows.
While StackGuard effectively prevents most stack buffer overflows, some out-of-bounds write bugs can allow the attacker to write to the stack frame after the canary, without overwriting the canary value itself.
If a function has multiple local data structures and pointers to functions, these are allocated on the stack as well, before the canary value. If there is a buffer overflow in any one of these structures, the attacker can use this to overwrite adjacent buffers/pointers which could result in arbitrary code execution. This really depends on the arrangement of data on the stack.
On some architectures, multi-threaded programs store the reference canary __stack_chk_guard in Thread Local Storage, which is located a few kb after the end of the thread's stack. In these circumstances, a sufficiently large overflow can overwrite both canary and __stack_chk_guard to the same value, causing the detection to incorrectly fail.
Lastly, for network applications which fork() child processes, there are techniques for brute forcing canary values. This only works in some limited cases though.

venereology answered 1 year ago

Discuss how a stack buffer overflow attack is implemented.

In CP/M why are the stack and the heap on opposite ends of memory? Why is...

In CP/M why are the stack and the heap on opposite ends of memory? Why is the OS at the top of upper memory?

I am exploiting a buffer overflow attack and need to find three pieces of information in...

I am exploiting a buffer overflow attack and need to find three pieces of information in Linux using gdb. 1) The address of the function system 2) The address of the function parameter for system() which is /bin/sh. /bin/ parameter is what will spawn a shell 3) The address of a function that can exit the shell. I was able to use gbd commands to find the first two but what command would I use to find the address of...

Lab 3.1 Create your objects in the stack (not on the heap). Add a friend function,...

Lab 3.1 Create your objects in the stack (not on the heap). Add a friend function, kilotopound, which will convert kilograms to pounds. Change your weight mutator to ask whether weight is input in kilograms or pounds. If it is kilograms, call the friend function kilotopound to convert it to pounds and return pounds. There are 2.2 pounds in one kilogram. Create an object on the stack with the following information: uld – Container abbreviation - AYK uldid –...

Write a testing program (not sort.c from task 2) that contains a stack buffer overflow vulnerability....

Write a testing program (not sort.c from task 2) that contains a stack buffer overflow vulnerability. Show what the stack layout looks like and explain how to exploit it. In particular, please include in your diagram: (1) The order of parameters (if applicable), return address, saved registers (if applicable), and local variable(s), (2) their sizes in bytes, (3) size of the overflowing buffer to reach return address, and (4) the overflow direction in the stack (5) What locations within the...

Illustrate the stack and the heap allocation. Specify what each variable value holds and where different...

Illustrate the stack and the heap allocation. Specify what each variable value holds and where different references are pointing to. char[] class = {'C','O','M','P','1','2','2'"}; #define int n = 4; long long fibb(long long a, long long b, int n) { return (--n>0)?(fibb(b, a+b, n)):(a); } int main() { fib(3); //illustrate what memory looks like at this point return 0; }

C programming Illustrate the stack and the heap allocation. Specify what each variable value holds and...

C programming Illustrate the stack and the heap allocation. Specify what each variable value holds and where different references are pointing to. int main() { char str[20]; scanf("%[^\n]%*c", str); //illustrate how memory is allocated at this point printf("%s", str); return 0; }

C Programming Illustrate the stack and the heap allocation. Specify what each variable value holds and...

C Programming Illustrate the stack and the heap allocation. Specify what each variable value holds and where different references are pointing to. char[] class = {'C','O','M','P','1','2','2'"}; #define int n = 4; long long fibb(long long a, long long b, int n) { return (--n>0)?(fibb(b, a+b, n)):(a); } int main() { fib(3); //illustrate what memory looks like at this point return 0; }

Are bone-marrow derived cells primarily responsible for selecting against newly developed T cells that would attack...

Are bone-marrow derived cells primarily responsible for selecting against newly developed T cells that would attack self-MHC proteins as antigens. Yes, yes of course they are. Is this then an example of negative selection? Explain

C++ Memory Allocation: 1) Write a C++ program that allocates static, stack, & heap memory. Your...

C++ Memory Allocation: 1) Write a C++ program that allocates static, stack, & heap memory. Your program does not need to do anything else. Indicate via comments where memory for at least one variable in each memory area is allocated. a) Write code that allocates static memory (only include one declaration): b) Write code that allocates stack memory (only include one declaration): c) Write code that allocates heap memory (only include one declaration): 2) Edit the C++ program below to include...

Question