Saturday, November 27, 2010

How to prevent the Linux system buffer overflow attacks

Although Linux viruses can be counted on one's fingers, attacks based on buffer overflow (BufferOverflow) vulnerabilities have surprised many Linux users.

The so-called "world's first Linux virus", Reman, is strictly speaking not a real virus. It is essentially an instance of an old "buffer overrun" attack program that has long existed on Linux/Unix (and on Windows and other systems). Reman is just an ordinary program that automates a buffer overflow, yet even so it caused considerable panic in the Linux community. Buffer overflow vulnerabilities have troubled security experts for over 30 years. In simple terms, they arise from the programming mechanism: a memory error occurs inside the software. This memory error lets an attacker run malicious code that disrupts the normal operation of the system, or even gain control of the entire system.

On Linux, the effect of a buffer overflow, which overwrites memory contents and the function's return address and thereby changes the code execution flow, is confined to a certain permission scope. Because a running process is tied to the login rights and identity of the current user, merely creating a buffer overflow cannot break through the permission settings the system applies to that user. So although a buffer overflow can make a program execute other, specified code, that code runs only with that specific permission and cannot complete a task beyond it. However, certain features of Linux (and Unix) itself can be exploited to break through this permission limit, so that a buffer overflow yields higher, even full, permissions. This happens mainly in the following two ways:

1. Linux (and Unix) systems allow certain attributes of an executable file to be set to SUID or SGID, so that other users run it with the user ID or group ID of the file's owner. If the owner of the executable is root, the file's SUID attribute is set, and the executable contains an exploitable buffer overrun vulnerability, the vulnerability can be used to execute other, specifically arranged code as root. Once code can be executed with root permission, a shell with root permissions can be created, and control of the entire system is lost.

2. Many daemons on Linux (and Unix) run with root privileges. If such a program contains an exploitable buffer overflow, it can directly execute the added code as root, without any need to modify the program's SUID or SGID attributes. Taking control becomes even easier.

With the development of modern network technology and network applications, networks must provide mechanisms for remote login, remote calls and remote execution. This gives anonymous Internet users the opportunity to exploit a buffer overflow vulnerability to gain partial or full control of a system. In fact, buffer overflow attacks account for the vast majority of remote network attacks on Linux systems, which makes them an extremely serious security threat.

Attack path analysis

Typically an attacker first targets a program running as root, and when the buffer overflow produces a memory error, executes code similar to "exec (sh)" to obtain a root shell. To obtain root privileges through such a shell, the attacker needs to do the following:

1. Place the appropriate specific code in the program's address space. There are generally two methods for placing exploit code in the program's address space.

2. By suitably initializing registers and memory, make the program, after the buffer overflow, not return to its original location but jump to the address space the attacker has arranged.

Once an attacker finds a way to change the original program's code and execution flow, the risk of attack arises.

Preventive measures

The threat of buffer overflow attacks on Linux comes both from the way software is written and from characteristics of the Linux (and Unix) system itself. In fact, the root cause of buffer overflow attacks and of the many rampant computer viruses lies in the fact that modern computer systems are based on the von Neumann "stored program" architecture. This basic principle means that programs and data can be propagated, copied and executed in memory. Therefore, to protect effectively against buffer overflow attacks, one must work on both fronts at once.
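As an added illustration of the two fronts just named (this is example code, not code from the original post): a C fragment showing the unbounded copy the post describes next to a bounded version that rejects oversized input, plus the privilege-drop step a SUID program would take so that a later overflow runs only with the invoking user's rights. The `struct request`, `NAME_MAX_LEN` and the 40-byte input are assumptions constructed for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define NAME_MAX_LEN 32                           /* assumed buffer size */
struct request { char name[NAME_MAX_LEN]; };      /* fixed-size buffer */

/* The defect the post describes: strcpy() knows nothing about the size of
 * r->name, so input of 32 bytes or more writes past it into the data that
 * follows (on the stack, the saved return address). Contrast only. */
void set_name_unsafe(struct request *r, const char *src)
{
    strcpy(r->name, src);
}

/* Hardened form: the size is explicit and oversized input is rejected with
 * an error instead of being written or silently truncated. */
int set_name_safe(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst == NULL || dst_size == 0 || len >= dst_size) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dst, src, len + 1);   /* len + 1 copies the terminator too */
    return 0;
}

/* System-side measure from the post: a SUID/SGID program gives up the file
 * owner's identity once the privileged step is done, so a later overflow
 * runs only with the invoking user's rights. 0 on success, -1 otherwise. */
int drop_privileges(void)
{
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0) return -1;
    if (geteuid() != getuid() || getegid() != getgid()) return -1;
    return 0;
}

int main(void)
{
    struct request r;
    char long_name[41];                      /* constructed: 40 x 'A' */
    memset(long_name, 'A', 40); long_name[40] = '\0';
    printf("drop_privileges -> %d\n", drop_privileges());
    printf("\"alice\"  -> %d\n", set_name_safe(r.name, sizeof r.name, "alice"));
    printf("40 x 'A' -> %d\n", set_name_safe(r.name, sizeof r.name, long_name));
    return 0;
}
```

Run as an ordinary user, `drop_privileges()` is a no-op that still succeeds; in a SUID-root binary it is the call that closes the escalation path the post describes in point 1.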
