Secure Coding mailing list archives
Re: (Shellcode Injection)
From: ljknews <ljknews () mac com>
Date: Sun, 14 Dec 2003 23:07:11 +0000
At 12:05 PM -0800 12/13/03, Crispin Cowan wrote:
> A common form of attack against Unix and Windows (and in fact many other platforms) is to:
> 1. Inject malicious code into a victim process's address space.
> 2. Induce the program to jump to the malicious code.
> The malicious code often spawns a shell,
External to the defective program, that could be avoided by running the program in a process with insufficient quota to spawn a subprocess (on operating systems that support such).
> and so it is called "shellcode". Observations:
> * The malicious code does not always have to be injected, it can also be in the program's text segment, colloquially known as "return into libc" attack.
> * Inducing the program to jump to the malicious code can be effected in a variety of ways, including buffer overflows, printf format string attacks, and other type safety violations endemic to the C and C++ languages.
The community I frequent describes all of those as "buffer overflow" and does not concern itself with the details of what happens after control is transferred. Indeed, avoiding C* as a programming language seems the simplest defense.