Bufferoverflows

[Daniel Toliaferro]

Does anybody here have any experience with bufferoverflows?

[Jonathan Ryan]

Like able to explain it, or actually pulling off an exploit?

On May 12, 2012 3:19 PM, "Daniel Toliaferro" <d.toli...@gmail.com> wrote:

Does anybody here have any experience with bufferoverflows?

--
You received this message because you are subscribed to the Google Groups "S4 Discuss" group.
To post to this group, send email to s4-di...@googlegroups.com.
To unsubscribe from this group, send email to s4-discuss+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/s4-discuss?hl=en.

[Daniel Toliaferro]

Both, either. I know it has to do with overwriting memory.

[Daniel Toliaferro]

Not overwriting memory, corrupting memory addresses?

[Isaac Luxford]

Not so much corrupting - you write to the buffer and overrun the memory allocation so it writes to adjacent blocks. I have some C examples lying around somewhere I can track down.

[Daniel Toliaferro]

Cool, thanks.

[Shawn Busolits]

This is a really good paper, pretty much "the" paper, on buffer overflows. Most of the techniques won't work on modern systems because of things like ASR and canaries, but it's a really good intro.

http://www-inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf

[Daniel Toliaferro]

I've heard that heap overflows still work. I really gotta knuckle down and learn this stuff. Thanks, BTW.