Question: computer security 4.4. A student proposes to change how the stack grows. Instead of growing from high address to low address, the student proposes to

computer security

computer security 4.4. A student proposes to change how the stack grows.

4.4. A student proposes to change how the stack grows. Instead of growing from high address to low address, the student proposes to let the stack grow from low address to high address This way, the buffer will be allocated above the return address, so overflowing the buffer will not be able to affect the return address. Please comment on this proposal. 4.5. In the buffer overflow example shown in Listing 4.1, the buffer overflow occurs inside the strcpy ) function, so the jumping to the malicious code occurs when strcpy ) returns, not when foo ) returns. Is this true or false? Please explain. 4.6. The buffer overflow example was fixed as below. Is this safe? int bof (char str, int size) char buffer (char ) malloc (size) / The following statement has a buffer overflow problem / strcpy (buffer,str) return 1; 4.7. In exploit.c(Listing 4.2), when assigning the value for the return address, can we do the following? Do you think the return address will point to the shell code or not? Why? *((long (buffer +0x24)) -buffert 0x150; 4.4. A student proposes to change how the stack grows. Instead of growing from high address to low address, the student proposes to let the stack grow from low address to high address This way, the buffer will be allocated above the return address, so overflowing the buffer will not be able to affect the return address. Please comment on this proposal. 4.5. In the buffer overflow example shown in Listing 4.1, the buffer overflow occurs inside the strcpy ) function, so the jumping to the malicious code occurs when strcpy ) returns, not when foo ) returns. Is this true or false? Please explain. 4.6. The buffer overflow example was fixed as below. Is this safe? int bof (char str, int size) char buffer (char ) malloc (size) / The following statement has a buffer overflow problem / strcpy (buffer,str) return 1; 4.7. In exploit.c(Listing 4.2), when assigning the value for the return address, can we do the following? Do you think the return address will point to the shell code or not? Why? *((long (buffer +0x24)) -buffert 0x150

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

A student proposes to change how the stack grows. Instead of growing from high address to low address, the student proposes to let the stack grow from low address to high address. This way, the...

Q:

3. A student proposes to change how the stack grows. Instead of growing from high address to low address, the student proposes to let the stack grow from low address to high address. This way, the...

Q:

Goal: Understand the concept of Buffer Overflows, potential security impacts and ways to help prevent them Task: In teams of 2 students, complete as much of the lab as time allows. Both individuals...

Q:

computer security course, please I need help it due 3 hours. 1 Lab Overview The learning objective of this lab is for students to gain the first-hand experience on buffer-overflow vulner- ability by...

Q:

1 WILMINGTON UNIVERSITY LIBRARY Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) 2 WILMU LIBRARY SERVICES 20,000 student population served 13 physical locations of access to university...

Q:

QUESTION: Begin by preparing your SWOT analysis to get a core understanding of where Amazon and Walmart were as companies in 2017. AMAZON AND WALMART ON COLLISION COURSE (CASE A) AMAZON AND WALMART...

Q:

What is the working capital, current ratio, and quick ratio of Intuit? Please use the attached annual report. Frequently, management will comment on liquidity in the MD&A (management's discussion and...

Q:

ISFM-300 Case Study, Stage 2: Business Process Analysis and Functional Requirements Before you begin this assignment, be sure you: 1. Have completed all previously assigned readings, particularly...

Q:

Good Morning Everyone, I need some assistance with these two problem. I must calculate the Debt to Equity for Tesla Inc. using their financial statements ( also attached). AND I must calculate the...

Q:

From the book Networks, Crowds, and Markets: Reasoning about a Highly Connected World. By David Easley and Jon Kleinberg. Cambridge University Press, 2010. Complete preprint on-line at...

Q:

Determine the COP of a heat pump that supplies energy to a house at a rate of 8000 kJ/h for each kW of electric power it draws. Also, determine the rate of energy absorption from the outdoor air.

Q:

Explain the meaning of a temporary difference as it relates to deferred tax computations, and give three examples.

Q:

The _ _ _ _ _ _ _ _ class constructor is called before the _ _ _ _ _ _ _ _ class constructor. private, public public, private base, derived derived, base

Q:

The first scenario will be a Verbal Judo scenario in which your scenario follows the standard Verbal Judo interaction: You need to ask somebody to modify their behavior either to do something or to...

Q:

Ensure continued excellence in people management.

Q:

Enhance the international team by recruiting the best people.

Q:

Optimize the organization and its resources both locally and internationally.