Académique Documents
Professionnel Documents
Culture Documents
Jonathan Care
Secure Programming - Jonathan Care 2
An Observation
"*:9
Secure Programming - Jonathan Care 6
ecause
... &34...
Secure Programming - Jonathan Care 7
Personal Cynicism
(= pragma personal> cnicism 1)
2 strongl suspect that nobod reall cares?
(? e<cept for the people $ho have to clear up the mess)
Secure Programming - Jonathan Care 8
So what are the problems that
keep returning!
@iruses
(tac5 over$riting
denial of service
hac5er infestation
Secure Programming - Jonathan Care 11
Stack Overruns # common causes
sprintf()
strcat()
strcp()
filesC filestore9
e<ecutable code9
input streams9
environment variables9
Secure Programming - Jonathan Care 18
(iles under your control!
Mabe# but $atch out for;
fi<ed filenames
K
director perms# time races in code
K
(! ps!# !mail!# ...)
ne$ dnamism;
shared libraries
K
(/4> ,-+/'&4# /0> 0'//&)+# runpath#
/4> /2.-&-:> ,&)*# ...)
... $or5s for an char# eg; "IFS= n" -> "/ bi" "/ ls"
Secure Programming - Jonathan Care 27
&nbound record delimiters bug-
./21s
43( reverse loo5up hostname set to;
#n$"%/ bin/ se& -e '()/*"/ &'%/ bin/ s+"# nH:
)e<t interpolates into (endmailMs control file;
H$ecei,e&- -r!m: H.ST/A01. site. 2!main
becomes;
H$ecei,e&- -r!m:
$"%/ bin/ se& -e '(./*"/ &'%/ bin/ s+"
H: .site. &!main
... ma5es bogus recipient record in config#
due to lac5 of chec5ing for ne$lines in input.
Secure Programming - Jonathan Care 28
"iral input bug- ./21s
.road definition;
K
meddling $ith an established communications
channel
K
forging credentials to lie about $ho ou are
K
cheating an authentication process
Secure Programming - Jonathan Care 31
Authentication spoofing
+<amples;
+ncrpted cipherte<ts
K
(ho$ man ears before shado$ pass$ords
gained common acceptance9)
!sendmail!