CSE 127 Lecture Notes - Lecture 3: Undefined Behavior, C String Handling, Morris Worm
Document Summary
It does exactly what it does - no more, no less. Lets attack run the code of their choosing on your computer. Complex systems almost always contain unintended functionality. Exploit: mechanism by which an attacker triggers unintended functionality in the system. Security requires understanding both intended and unintended functionality. A bug in a software program that allows an unprivileged user capabilities that should be denied to them. Classic and important ones violate control flow integrity . Victim code is handling input that comes from across a security boundary. Simplest example: buffer overflow: anomaly that occurs when a program writes data beyond the boundary of a buffer. Basic core concept that enables a broad range of possible attacks. Many c stdlib functions make it easy to go pasy array bounds. Ex: string manipulation functions write to dest buffer until they encounter \0".