Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.


  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

38. Writing Secure Privileged Programs > Beware of Buffer Overruns

Beware of Buffer Overruns

Beware of buffer overruns (overflows), where an input value or copied string exceeds the allocated buffer space. Never use gets(), and employ functions such as scanf(), sprintf(), strcpy(), and strcat() with caution (e.g., guarding their use with if statements that prevent buffer overruns).

Buffer overruns allow techniques such as stack crashing (also known as stack smashing), whereby a malicious user employs a buffer overrun to place carefully coded bytes into a stack frame in order to force the privileged program to execute arbitrary code. (Several online sources explain the details of stack crashing; see also [Erickson, 2008] and [Anley, 2007].) Buffer overruns are probably the single most common source of security breaches on computer systems, as evidenced by the frequency of advisories posted by CERT (http://www.cert.org/) and to Bugtraq (http://www.securityfocus.com/). Buffer overruns are particularly dangerous in network servers, since they leave a system open to remote attack from anywhere on a network.


  

You are currently reading a PREVIEW of this book.

                                                                                                                    

Get instant access to over $1 million worth of books and videos.

  

Start a Free Trial


  
  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint