|
|
| word looked up : | home / archive |
Buffer overflowA buffer overflow is a type of computer bug. When the length limitation of a space reserved for data - a buffer - isn't properly enforced, a buffer overflow may occur. Input data is written to the buffer and, if the input data is longer than the buffer size, the space beyond the end of the buffer is overwritten.Buffer overflow bugs are frequently security vulnerabilities. A program which takes advantage of a vulnerability to subvert another program's security is called an exploit. A buffer overflow exploit works by feeding the program with specially crafted content designed to change the data that follows the buffer in memory. Buffer overflows are most easily exploited when the buffer is in the program stack, since this can lead directly to an alteration of the program's execution path. Determining the exploitability of a buffer overflow vulnerability can be difficult even for experienced programmers, since it involves a lot of high and low level knowledge of the architecture internals and the target program. Overflows of as little as a single byte beyond the end of a buffer have proved to be exploitable. Generally, the buffer overflow problem is caused by careless programming. Avoiding them is still a manual process as most formal verification[?] systems have yet proven unattainable in modern programming languages. Buffer overflows are common only in programs written in relatively low-level programming languages, such as assembly language, C and C++. Many programming languages use a combination of run time checking and static analysis to make it difficult or impossible to code a buffer overflow bug. However, runtime systems and libraries for such languages may occasionally have buffer overflows.
| |||
See This slashdot link (http://slashdot.org/search.pl?query=openbsd&op=stories&author=&tid=§ion=bsd&sort=1) for a remarkably loyal coverage of open bsd's progress.
In 1989, the Morris worm used a buffer overflow in a Unix program called finger to propagate itself over the Internet. Even after this incident, buffer overflows were virtually ignored as security issue by the public. Later, in 1995, Thomas Lopatic[?] independently reinvented the buffer overflow and published his findings on the Bugtraq security mailing list, which caused a wave of new security relevant buffer overflows to be found.
See also: computer security, shellcodes and some tutorials on http://www.phrack.org
Harcourt sat gazing at her with breathless amazement. "And
everybody said so, and now that I've heard this story I KNOW that
property?"
"Because he did not care for it."
"What did he care for, then?"
"Me, I suppose."
"But this calumny is not like a man who loves you."
"It is like a JEALOUS one."
With an effort Harcourt threw off his bewildered incredulity and
the flesh.html">flesh and blood.html">blood, but that flesh and blood would be very weak in
again, although her face had remained unchanged. "I do not see why
only a matter between myself and him; you can leave it to me."
"But if you are mistaken and he should not be.
On
wordlookup.net
All is still licensed under the GNU FDL.
It uses material from the wikipedia.
|
|