14. Memory Safety

Question 1

What is an operating system?

Answer 1

Interface between applications and the hardware

Question 2

What are the execution modes on unix?

Answer 2

• user mode - kernel mode

Question 3

What is user mode?

Answer 3

Access to resources through syscall to kernel

Question 4

What is kernel mode

Answer 4

Direct access to resources

Question 5

What is a process?

Answer 5

Program that is currently executing

Question 6

What is a PID?

Answer 6

Process ID, used to identify a process

Question 7

What is a fork?

Answer 7

Method by which a process starts a child process

Question 8

How are file permissions represented in unix?

Answer 8

Question 9

What’s a UID (unix)?

Answer 9

Real user ID, user that launched program

Question 10

What is euid (unix)?

Answer 10

Effective user ID, user that owns program

Question 11

What is the setuid property?

Answer 11

Sets euid of process to owner (as apposed to user that executed the program) to allow restricted access to sensitive resources

Question 12

What direction does the heap grow?

Answer 12

Upwards

Question 13

What direction does the stack grow?

Answer 13

Downwards

Question 14

What does the text space contain?

Answer 14

• Program instructions - Static data

Question 15

What is the stack comprised of?

Answer 15

Stack frames

Question 16

What is in a stack frame?

Answer 16

1. Arguments
2. Return address
3. Stack frame pointer
4. Exception handlers
5. Local variables

Question 17

What is the EIP register?

Answer 17

Extended instruction pointer

Question 18

What is ESP register?

Answer 18

Extended stack pointer

Question 19

What is EBP register?

Answer 19

Extended base pointer, a more convenient way to access a functions parameters and local variables

Question 20

What does the calling function do?

Answer 20

1. Push arguments onto stack 2. Push return address onto stack 3. Jump to function address

Question 21

What does the called function do?

Answer 21

1. Push old frame pointer onto stack (edp) 2. Set frame pointer (ebp) to end of stack (esp) 3. Push local variables

Question 22

What does the returning function do?

Answer 22

1. Reset previous stack frame: esp = ebd, ebd = (ebd)
2. Jump to return address: eip = 4(esp)

Question 23

What does printf(“%08x”) do?

Answer 23

Since no arguments where provided, it will print 4 bytes from the stack

Question 24

What does printf (“12345%n”, &i) do?

Answer 24

Writes 5 (bytes written) into i

Question 25

What are stack canaries?

Answer 25

Add small random integer before return address on the stack, before returning check the stack canary, if it does not match the stack was corrupted.

Question 26

What is a return-to-libc attack?

Answer 26

Instead of the attacker injecting his own code, he points the return address to a usefull function in libc, which most C programs depend on

Question 27

What does ASLR stand for?

Answer 27

Address space layout randomization

Question 28

What does ASLR do?

Answer 28

Place system librarys (libc) in random locations, prevents return-to-libc attacks