computer security

4.4. A student proposes to change how the stack grows. Instead of growing from high address to low address, the student proposes to let the stack grow from low address to high address This way, the buffer will be allocated above the return address, so overflowing the buffer will not be able to affect the return address. Please comment on this proposal. 4.5. In the buffer overflow example shown in Listing 4.1, the buffer overflow occurs inside the strcpy ) function, so the jumping to the malicious code occurs when strcpy ) returns, not when foo ) returns. Is this true or false? Please explain. 4.6. The buffer overflow example was fixed as below. Is this safe? int bof (char str, int size) char buffer (char ) malloc (size) / The following statement has a buffer overflow problem / strcpy (buffer,str) return 1; 4.7. In exploit.c(Listing 4.2), when assigning the value for the return address, can we do the following? Do you think the return address will point to the shell code or not? Why? *((long (buffer +0x24)) -buffert 0x150; 4.4. A student proposes to change how the stack grows. Instead of growing from high address to low address, the student proposes to let the stack grow from low address to high address This way, the buffer will be allocated above the return address, so overflowing the buffer will not be able to affect the return address. Please comment on this proposal. 4.5. In the buffer overflow example shown in Listing 4.1, the buffer overflow occurs inside the strcpy ) function, so the jumping to the malicious code occurs when strcpy ) returns, not when foo ) returns. Is this true or false? Please explain. 4.6. The buffer overflow example was fixed as below. Is this safe? int bof (char str, int size) char buffer (char ) malloc (size) / The following statement has a buffer overflow problem / strcpy (buffer,str) return 1; 4.7. In exploit.c(Listing 4.2), when assigning the value for the return address, can we do the following? Do you think the return address will point to the shell code or not? Why? *((long (buffer +0x24)) -buffert 0x150