What Is a Buffer Overflow?
Buffer overflow is a very common and very dangerous vulnerability, which exists widely in various operating systems and application software. The use of buffer overflow attacks can lead to consequences such as program failure, system downtime, and restart. What is more serious is that it can be used to execute unauthorized instructions and even obtain system privileges to perform various illegal operations.
- Computer programs generally use some memory, which is used internally by the program or stores user input data. Such memory is generally called a buffer. Overflow refers to the overflowing of the contents of the container beyond the capacity of the container, in computer programs, the data uses memory space other than the allocated memory space. The buffer overflow simply means that the computer does not perform effective detection on the input data received (ideally, the program checks the data length and does not allow characters exceeding the buffer length to be entered). The capacity of the buffer itself causes the data to overflow into the memory space outside the allocated space, so that the overflowed data overwrites the data in other memory spaces. [1]
- In the field of computer security, buffer overflow is like opening a back door to your own program. This kind of security danger is fatal. Buffer overflows are widespread in various operating systems and application software. An attack using a buffer overflow vulnerability is a buffer overflow attack. A buffer overflow attack can cause a program to fail, shut down the system, restart it, or execute an attacker's instructions, such as illegally elevating permissions.
- In the current network and distributed system security, more than 50% are widely used
- In January 2000, the Cerberus Security Team released
- Buffer overflow attacks account for the vast majority of remote network attacks, which can give an anonymous Internet user the opportunity to gain some or all control of a host. If the buffer overflow vulnerability can be effectively eliminated, a large part of the security threats can be mitigated.
- There are currently four basic methods to protect buffers from attacks and effects of buffer overflows.
Buffer overflow protection
- This method makes buffer overflow impossible, thus completely eliminating the threat of buffer overflow, but relatively expensive.
- Integrity check
- Perform a integrity check before the program pointer expires. Although this method cannot invalidate all buffer overflows, it can prevent most buffer overflow attacks.
- Non-executing buffer
- By making the data segment address space of the attacked program non-executable, it is impossible for an attacker to execute code implanted in the input buffer of the attacked program. This technique is called non-executing buffer technology. In earlier Unix system designs, only program code was allowed to execute in code segments. However, Unix and MS Windows systems often need to dynamically put executable code in the data segment to achieve better performance and functions. This is also the root cause of buffer overflow. In order to maintain program compatibility, it is impossible to make all data segments of the program unexecutable.
- But you can set the stack data segment to be non-executable, so that you can ensure program compatibility. Both Linux and Solaris have released kernel patches in this regard. Because there are hardly any legitimate programs that store code on the stack, this approach has almost no compatibility issues. Except for two special cases in Linux, the executable code must be placed on the stack:
- Signaling
- Linux sends Unix signals to a process by releasing code to the process stack and then raising an interrupt to execute the code in the stack. Non-executing buffer patches allow buffer execution when sending signals.
- GCC online reuse
- Research has found that gcc places executable code in the stack area for online reuse. However, turning off this feature did not cause any problems, and only some features seemed to be unavailable.
- The protection of the non-executive stack can effectively deal with buffer overflow attacks that implant code into automatic variables, but has no effect on other forms of attacks. This protection can be skipped by referring to a pointer to a resident program. Other attacks can bypass protection by embedding code into the heap or static data segments.
Buffer overflow write safe code
- Writing correct code is a very meaningful job, especially a free-style and error-prone program like C. This style is caused by the tradition of neglecting correctness in the pursuit of performance. Although it took a long time to let people know how to write secure programs, programs with security holes still appear. Therefore, people have developed some tools and techniques to help inexperienced programmers write safe and correct programs.
- The easiest way is to use grep to search for calls to vulnerable libraries in the source code, such as calls to strcpy and sprintf. Neither of these functions checks the length of the input parameters. In fact, all versions of the standard library have such problems.
- In addition, people have also developed some advanced error checking tools, such as fault injection. The purpose of these tools is to find code security holes by randomly generating some buffer overflows. There are also static analysis tools for detecting the presence of buffer overflows.
- Although these tools help programmers develop more secure programs, due to the characteristics of the C language, these tools cannot find all buffer overflow vulnerabilities. Therefore, debugging technology can only be used to reduce the possibility of buffer overflow, and it cannot completely eliminate its existence. [1]