Showing posts with label data. Show all posts
Showing posts with label data. Show all posts

Wednesday, November 17, 2010

Faults! Yes, but it is still necessary to exploit ...



But it is on one side and holes on the other, the possibility of exploiting them. Mac OX 10.5, Apple introduced two devices to protect its operating system against this: the ASLR and DEP. The first, and Address Space Layout Randomization, is to introduce an element of chance in the distribution of data areas in virtual memory. And thus limit the possibilities of executing malicious code introduced in memory overflow the buffer, for example. DEP completes the first device by prohibiting the execution of injected code still in memory areas reserved for data. The DEP is closely tied to the hardware architecture of the computer.

In Mac OS X 10.5 and 10.6, the ASLR is too partial. Charlie Miller underlines that "there are many things that are not random, as the location of the dynamic linker [which deals with memory and seek to link shared libraries when an application is launched], or stack and heap [two areas in memory where some data are stored temporarily]. "And for the DEP, the situation is no better: it only applies to 64-bit process. Charlie Miller, he must report this to the world in the face: "In Windows, ASLR is complete and they have the DEP." And if, for Apple, the move to 64 bit improves security for Miller " this makes the circumvention of DEP that more difficult. "But not impossible.

Certainly, as pointed out Charlie Miller, Apple has made available to developers - and uses in Safari - tools from further strengthen security: "canary." These are reference values that are placed in a buffer and to verify the data stored in the stack to monitor potential buffer overflows, the first data corruption in this case to just be the canary. But again, the expert pointed out that using this type of security systems based on the specific compiler may require a migration to environment and development is not entirely suited to large projects with a strong history.