CSE 227: Lecture 4


The topics covered in this lecture are buffer overflow attacks and TOCTTOU (time-of-check-to-time-of-use) attacks.

Buffer Overflow Attacks

Example code:
#include <stdio.h>

void f() {
    char buf[80];
    ...
    gets(buf);    /* no bounds check: input longer than buf overruns the stack buffer */
    ...
}
Assumption: the attacker controls the program's input, i.e., standard input is a network socket or a file provided by the attacker.

TOCTTOU attacks

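#include <fcntl.h>
#include <unistd.h>

if (0 == access(fname, R_OK | W_OK)) {
    /* check that real uid has read/write access to file */
    ...
    /* window: fname can be re-bound to a different file before the open() */
    fd = open(fname, O_RDWR, 0);
    /* use effective uid (root) to actually get a file descriptor */
    ...
    /* process file */
}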
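
An added example, not part of the original lecture notes: one way to remove the gap between the access() check and the open() is to make the effective ids equal to the real ids for the duration of the open(), so the kernel performs the permission check and creates the descriptor in a single call. The name open_as_real_user is hypothetical, and the sketch assumes flags does not include O_CREAT.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example; open_as_real_user is a hypothetical name, not from the notes.
 * Assumes a setuid program whose real uid/gid identify the invoking user.
 * The file is opened while the effective ids equal the real ids, so check and
 * use are one kernel operation. Returns a descriptor, or -1 with errno set. */
int open_as_real_user(const char *fname, int flags)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    struct stat st;
    int fd, err;

    /* Drop the group first; after the uid drop setegid() may be refused. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        err = errno;
        (void)setegid(saved_egid);
        errno = err;
        return -1;
    }

    fd = open(fname, flags | O_CLOEXEC);   /* checked against the real ids */
    err = errno;

    /* Regain privileges in the reverse order: uid first, then gid. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        if (fd >= 0) close(fd);
        errno = EPERM;
        return -1;
    }
    if (fd < 0) {
        errno = err;
        return -1;
    }
    /* Later checks use the descriptor, never the name again. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}
```

The helper leaves supplementary groups untouched; in a setuid program these are already the invoking user's groups.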

Additional Info

Read about electronic voting machines for in-class discussion.

New worm attack slows down the Internet. Read the story at the BBC, the story at CNN, the original CERT advisory about the vulnerability, and the current advisory about the worm.



bsy+cse227w03@cs.ucsd.edu, last updated Sat Jan 25 15:07:15 PST 2003. Copyright 2003 Bennet Yee.