
Stack Corruption Detection

by 정구지개발자 2023. 4. 28.
  • There is no reliable way to prevent writing beyond the bounds of an array. Instead, the program can attempt to detect when such a write has occurred before it can have any harmful effects.
  • Recent versions of gcc incorporate a mechanism known as a stack protector into the generated code to detect buffer overruns.
  • The idea is to store a special canary value in the stack frame between any local buffer and the rest of the stack state.
  • This canary value, also referred to as a guard value,

  • Before restoring the register state and returning from the function, the program checks if the canary has been altered by some operation of this function or one that it has called. If so, the program aborts with an error.
  • By storing the canary in a special segment, it can be marked as “read only,” so that an attacker cannot overwrite the stored canary value.
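
The canary check described above, modelled in C as an added example (not code from the original post or from gcc). The frame is a plain byte array with an assumed layout, and `run_frame`, `unchecked_copy` and all constants are hypothetical names and constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated stack frame; this layout is an assumption made for the example:
 *   bytes  0..7   local buffer
 *   bytes  8..15  canary
 *   bytes 16..23  saved state (stands in for saved registers) */
enum { BUF_OFF = 0, BUF_LEN = 8, CANARY_OFF = 8, SAVED_OFF = 16, FRAME_LEN = 24 };

/* Reference copy of the canary, kept outside the frame (the real one lives in
 * a read-only segment). Constructed constant so the example is repeatable. */
static const uint64_t reference_canary = 0x00c0ffee5eed1234ULL;

/* Models an unchecked copy: it ignores BUF_LEN. The write is clamped to the
 * simulated frame only so that the example itself stays well defined. */
static void unchecked_copy(unsigned char *frame, const void *src, size_t n) {
    if (n > (size_t)(FRAME_LEN - BUF_OFF)) n = (size_t)(FRAME_LEN - BUF_OFF);
    memcpy(frame + BUF_OFF, src, n);
}

/* Returns 0 when the function may return normally, 1 when the canary check
 * fails (the point where the compiled program would abort with an error). */
int run_frame(const void *input, size_t n, uint64_t *saved_out) {
    unsigned char frame[FRAME_LEN] = {0};
    const uint64_t saved = 0x0000000000401136ULL;   /* constructed value */
    uint64_t canary;

    /* Prologue: place the canary between the buffer and the saved state. */
    memcpy(frame + CANARY_OFF, &reference_canary, sizeof reference_canary);
    memcpy(frame + SAVED_OFF, &saved, sizeof saved);

    unchecked_copy(frame, input, n);                /* function body */

    /* Epilogue: compare the canary before the saved state is consumed. */
    memcpy(&canary, frame + CANARY_OFF, sizeof canary);
    if (canary != reference_canary) return 1;
    memcpy(saved_out, frame + SAVED_OFF, sizeof *saved_out);
    return 0;
}

int main(void) {
    uint64_t saved = 0;
    printf("8-byte input:  %d\n", run_frame("AAAAAAAA", 8, &saved));
    printf("12-byte input: %d\n", run_frame("AAAAAAAAAAAA", 12, &saved));
    return 0;
}
```

An input that fits the buffer leaves the canary intact and the saved state is restored; a single byte past the buffer changes the canary, so the saved state is never used.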

Limiting Executable Code Regions

  • A final step is to eliminate the ability of an attacker to insert executable code into a system.
  • The virtual memory space is logically divided into pages, typically with 2,048 or 4,096 bytes per page.
  • The x86 architecture merged the read and execute access controls into a single 1-bit flag, so that any page marked as readable was also executable.

3.10.5 Supporting Variable-Size Stack Frames

  • Some functions, however, require a variable amount of local storage. This can occur, for example, when the function calls alloca, a standard library function that can allocate an arbitrary number of bytes of storage on the stack.