http://update.proggen.org/ 2026-04-20T21:07:11+0200 http://update.proggen.org/ http://update.proggen.org/lib/tpl/proggenY/images/favicon.ico text/html 2022-09-22T19:39:27+0200 Anonymous (anonymous@undisclosed.example.com) http://update.proggen.org/doku.php?id=security:memory-corruption:protection:ascii-armor&rev=1663868367 ASCII-Armored Addresses The previous chapter about dangerous standard library functions revealed that many buffer overflows are caused by the incorrect handling of ASCII strings. Limiting this attack vector, Red Hat provided a patch for the Linux kernel that places executable code in low memory addresses. With all executable addresses containing a text/html 2022-09-22T19:39:27+0200 Anonymous (anonymous@undisclosed.example.com) http://update.proggen.org/doku.php?id=security:memory-corruption:protection:aslr&rev=1663868367 Address Space Layout Randomization (ASLR) Memory corruption exploitation techniques depend on the knowledge of absolute addresses in the context of the running application. Introducing randomness to the memory layout of the process increases exploitation difficulty. One attempt to do so is Address Space Layout Randomization (ASLR). As an operating system feature ASLR is available on all modern platforms, but its effectiveness depends on the implementation and size of the address space text/html 2022-09-22T19:39:27+0200 Anonymous (anonymous@undisclosed.example.com) http://update.proggen.org/doku.php?id=security:memory-corruption:protection:cfi&rev=1663868367 Tice, Caroline, et al. text/html 2022-09-22T19:39:27+0200 Anonymous (anonymous@undisclosed.example.com) http://update.proggen.org/doku.php?id=security:memory-corruption:protection:nx&rev=1663868367 NX Bit The memory of a process is divided into different segments. Roughly speaking, memory regions are distinguished by whether they contain data or executable code. Memory pages which are intended to store data are labeled with the No-eXecute (NX) bit. In case an application tries to execute code located in such a page, an error is raised. text/html 2022-09-22T19:39:27+0200 Anonymous (anonymous@undisclosed.example.com) http://update.proggen.org/doku.php?id=security:memory-corruption:protection:pie&rev=1663868367 Position-independent Executable (PIE) The protection mechanism ASLR was explained in the previous chapter. It introduces randomness to the memory layout of processes. Thus it is harder for attackers to correctly organize exploit execution. However, remember that even with ASLR fully enabled, the executable itself as well as the PLT are still not randomized. Position-independent Code (PIC) is a compiler feature which produces code that can be loaded at arbitrary addresses. Binaries consisting of… text/html 2022-09-22T19:39:27+0200 Anonymous (anonymous@undisclosed.example.com) http://update.proggen.org/doku.php?id=security:memory-corruption:protection:stack-protection&rev=1663868367 Stack Protection Modern compilers provide stack protection mechanism that can be compiled into a binary. Looking at GCC, it provides different flags to enable stack protection for functions. Using the -fstack-protector flag during compilation makes GCC supply every function with a buffer of at least 8 bytes. text/html 2022-09-22T19:39:27+0200 Anonymous (anonymous@undisclosed.example.com) http://update.proggen.org/doku.php?id=security:memory-corruption:protection:static-analysis&rev=1663868367 M. Alvares, T. Marwala and F. B. de Lima Neto, „Applications of computational intelligence for static software checking against memory corruption vulnerabilities, text/html 2022-09-22T19:39:27+0200 Anonymous (anonymous@undisclosed.example.com) http://update.proggen.org/doku.php?id=security:memory-corruption:protection:stdlib&rev=1663868367 Dangerous Standard Library Functions and Safer Alternatives The previous chapters explained different buffer overflow exploitation techniques. However, the overflows themselves did not happen in self-written code, but in standard library functions which were called with insufficiently validated parameters. We can see that one does not only need to be careful about writing safe code but also about using provided functions that make assumptions about the passed input. The standard library of the …