Overflow Countermeasures

• What is setuid and why does it exist?
  • chmod u+s file
  • passwd, sudo ...
• They mention that no single countermeasure can defeat buffer overflows.
  • The simple "Always check array index values" is not always possible.
  • In the lab, strcpy will cause the overflow
    • strcpy assumes valid c style strings
    • Terminated with a null
    • But it does not check the destination to see if there is sufficient size to store the results.
  • strncpy does.
• Programmers should
  • Check the bounds of the array before writing.
  • Double check the bounds of the array for one off errors (I am bad at this)
  • Make sure the input contains the expected characters, ie only ascii.
  • Use utilities that check sizes.
  • Limit program's privileges
    • Check everything BEFORE you allow privilege escalation.
• Have others check your code
  • Formal code reviews
  • Independent testers
• Use a safe language
  • Or at least safe language constructs.
  • Python, java and others do not allow direct memory access.
  • Rust is much more proactive with bounds checking and other techniques to avoid buffer overflows.
  • Well debugged structures like strings and vectors also reduce the chance of buffer overflow.
• Code analyzers
  • These are programs that can check and find may buffer overflows.
  • an older article
• Stack Protection
  • Buffer overflow modifying the return address is the largest issue.
  • And the attacker can't do this precisely
  • So one defense is to add "canary" values around the return address.
  • Before the return function is called, check these values to see if they have been changed.
  • If so, crash.
  • Generation of unique "canary" values becomes the next problem.
    • If the attacker can figure it out, they can flood with canary, address, canary, address or with address, canary, address, canary until they defeat the countermeasure
• We will do a stack attack lab next.