Secure Coding mailing list archives

Re: (Shellcode Injection)


From: ljknews <ljknews () mac com>
Date: Sun, 14 Dec 2003 23:07:11 +0000

At 12:05 PM -0800 12/13/03, Crispin Cowan wrote:

A common form of attack against Unix and Windows (and in fact many other platforms) is to:

 1. Inject malicious code into a victim process's address space.
 2. Induce the program to jump to the malicious code.

The malicious code often spawns a shell,

External to the defective program, that could be avoided by running
the program in a process with insufficient quota to spawn a subprocess
(on operating systems that support such).

and so it is called "shellcode". Observations:

  * The malicious code does not always have to be injected, it can also
    be in the program's text segment, colloquially known as "return
    into libc" attack.
  * Inducing the program to jump to the malicious code can be effected
    in a variety of ways, including buffer overflows, printf format
    string attacks, and other type safety violations endemic to the C
    and C++ languages.

The community I frequent describes all of those as "buffer overflow"
and does not concern itself with the details of what happens after
control is transferred.

Indeed, avoiding C* as a programming language seems the simplest defense.
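An added example, not code from this thread or from any of its participants: on Linux and the BSDs the nearest analogue to the "insufficient quota to spawn a subprocess" idea above is the RLIMIT_NPROC resource limit. The block below sets it to zero for the calling process and then attempts what system("/bin/sh") or popen() does underneath, a fork() followed by an exec of a shell, reporting whether the kernel refused it. The function and enum names (drop_subprocess_quota, try_spawn_shell, SPAWN_BLOCKED and so on) are my own. Two caveats a practitioner should have in mind: the limit is not enforced for root (CAP_SYS_RESOURCE or CAP_SYS_ADMIN bypass it), so run this as an unprivileged user; and it only constrains the creation of new processes. Classic shellcode frequently calls execve() directly, replacing the image of the already-running process without forking, and a process-count quota does nothing against that path.

```c
/* Added example (not from the original thread): deny the current process the
 * ability to create subprocesses with RLIMIT_NPROC, then show that the
 * fork-then-exec-a-shell pattern used by system()/popen() is refused.
 * Must run unprivileged: root bypasses RLIMIT_NPROC.
 */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Names are this example's own, not a system API. */
enum spawn_result { SPAWN_ERROR = -1, SPAWN_ALLOWED = 0, SPAWN_BLOCKED = 1 };

/* Set both the soft and hard process-count limits to zero. Lowering the hard
 * limit is irreversible for an unprivileged process, so code that later runs
 * in this address space (injected or otherwise) cannot raise it again.
 * Returns 0 on success, -1 on failure (errno set by setrlimit). */
int drop_subprocess_quota(void)
{
    struct rlimit rl = { .rlim_cur = 0, .rlim_max = 0 };
    return setrlimit(RLIMIT_NPROC, &rl);
}

/* Read the limit back so the caller can verify it took effect.
 * Returns 1 if the soft limit is zero, 0 if it is not, -1 if getrlimit fails. */
int subprocess_quota_is_zero(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NPROC, &rl) != 0)
        return -1;
    return rl.rlim_cur == 0 ? 1 : 0;
}

/* Do what system("/bin/sh") does underneath: fork, exec a shell in the child.
 * Returns SPAWN_BLOCKED when the kernel refuses the fork because the
 * process-count quota is exhausted (EAGAIN), SPAWN_ALLOWED when a child was
 * created (it is reaped before returning), SPAWN_ERROR on any other failure. */
int try_spawn_shell(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return errno == EAGAIN ? SPAWN_BLOCKED : SPAWN_ERROR;
    if (pid == 0) {
        /* Child: this is the shell the quota is intended to prevent. */
        execl("/bin/sh", "sh", "-c", "exit 0", (char *)NULL);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return SPAWN_ERROR;
    return SPAWN_ALLOWED;
}

int main(void)
{
    if (drop_subprocess_quota() != 0) {
        perror("setrlimit(RLIMIT_NPROC)");
        return 1;
    }
    printf("RLIMIT_NPROC soft limit is zero: %s\n",
           subprocess_quota_is_zero() == 1 ? "yes" : "no");

    switch (try_spawn_shell()) {
    case SPAWN_BLOCKED:
        printf("fork() refused with EAGAIN: shell could not be spawned\n");
        break;
    case SPAWN_ALLOWED:
        printf("fork() succeeded: limit not enforced (running as root?)\n");
        break;
    default:
        perror("fork/waitpid");
        return 1;
    }
    return 0;
}
```

The limit applies to the process that sets it and to everything it would have forked, so in practice you would apply it in the parent (or via a wrapper or service manager, for instance the LimitNPROC= setting in a systemd unit) before the exposed program starts, rather than inside the program itself. Because the check happens at fork() time, library routines that spawn helpers (system(), popen(), posix_spawn()) all fail the same way, which is something to test for before deploying it against a program that legitimately needs children.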
