Question
Question 1: Why does ASLR make buffer-overflow attack more difficult? [20 points] Question 2: The buffer overflow example was fixed as below. Is this safe?
Question 1: Why does ASLR make buffer-overflow attack more difficult? [20 points]
Question 2: The buffer overflow example was fixed as below. Is this safe? [20point]
int bof (char *str, int size) {
char *buffer = (char *) malloc (size); strcpy (buffer, str);
return 1;
}
Question 3: [40 points]
Let us consider the following program, where the copy function is a (naive) attempt to protect the execution against buffer overflow vulnerabilities:
(a) This program is not secure : there exists a user input allowing to call foo with an array argument t containing more than 15 characters. Give an example of such input.
(b) Give two examples of protections (either code-level, compiler-level or execution platform-level) that may detect/prevent this kind of code weakness (i.e., unsafe buffer copy function).
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started