Black Hats Manual
Software Security
Auditing, Cracking, Debugging
Olaf Kirch
Introduction
What is Computer Security?
Software and Security
About this Book
Copyright and Copying Conditions
Thanks
Buffer Overflows and Other Memory Problems
Buffer Overflows
The Nitty Gritty Details
Solution: Use a Real Programming Language
Solution: Non-executable Stack
Use a second buffer
Jump into libc
Overwrite a function pointer
Protecting against Buffer Overflows
Using Stackguard
Using libsafe
Stackguard vs. Libsafe
Other Types of Memory Corruption
Format String Bugs
References
Setuid applications
Real and Effective IDs
Setuid-ness is a Design Issue
Be Careful with that Axe, Eugene
Juggling with UIDs
Changing User IDs in the Berkeley World
Too Simple? Here comes POSIX
Dropping Privilege
Dropping privilege after initialization
Okay, so you need special privilege when opening a file
Creating a file
Running another program
The Mechanics
Closing open files
Dropping privileges with popen
I'm not scared yet, hit me harder!
Where do you want to go tomorrow?
Clean up your Environment
Do not trust argv[0]
Do not trust file descriptors 0, 1, 2
Double check strings used as command line arguments
Keep it simple
Do not trust signals
For Lovers of the Bizarre
Working with Temporary Files
Exhibit A: elm
Falling into the link trap
Defenses that Don't Work
Symlink Flipping
Generated file names
There be Dragons
Creating a One-shot File
Exchanging data via a temporary file
Unix sockets and named pipes
Getting out of this mess
Lost in Legacy Space? Use a private directory!
Setuid programs and temporary files
Network Applications
It's not just servers
The Golden Rule of network applications
Protocols Galore
Network Layer Attacks
Passive Network Attacks
Active Network Attacks
So should we pull the network plug?
Bad Habits Die Hard: Privileged Ports
Address based Access Control
What's your Name? Address to Name Mapping
Other DNS Woes
Back to Access Control
DNS data sizes
Other Helper Protocols
Network Layer, Summary
Presentation Layer Issues
Text Based Protocols
Binary Representation Protocols
Fixed Length Strings
Variable Length Data
Word size issues
HTTP's Funky Quoting Mechanism
Respect packet boundaries
Presentation Layer, Summary
Application layer issues
Buffer Overflows
Dangerous Characters in Strings
Embedding String in Pathnames
Embedding Data in HTML
Passing Strings to the Shell
Other Pitfalls with Command Line Arguments
Passing Arguments through Environment Variables
Running Other Programs from Perl or Python
Shell Scripts in Network Applications
Bounce Attacks
Don't trust ports below 512
General section on CGI security?
Properly dropping privilege
Running other programs
Summary
Denial Of Service
Fork bombs
Memory hogs
Filesystem Denial Of Service
Saturating the Network
Other types of Attack
Remotely Crashing the Operating System
Reverse DNS Lookups
Concurrency problems
Defending against Resource Exhaustion
How to React to DoS Attacks
Auditing for Security Problems
Follow the flow of hostile data
New Solutions
Emily's Coding Corner
Least Privilege
Avoid setuid if a group does the trick
Use setgid rather than setuid
Don't fix it, rewrite it
Helper Programs
The fork approach
Unix socket magic
Using chroot jails
Using tcpd Style access control
Large network apps
Using Capabilities
Using Cryptography
DNS Reverse Lookup Explained
60 Seconds DNS Crash Course
Security Implications of DNS Reverse Mapping
GNU Free Documentation License
Preamble
Applicability and Definitions
Verbatim Copying
Copying in Quantity
Modifications
Combining Documents
Collections of Documents
Aggregation With Independent Works
Translation
Termination
Future Revisions of This License
ADDENDUM: How to use this License for your documents
About this document ...
Olaf Kirch 2002-01-16