Chapter 6: Specifiers Under Control


Overview

Formatted output strings and specifiers are not the hacker's trump cards. As a rule, intruders resort to them only out of despair, when all other means have produced no results. However, no one can know what might be useful in the future, and knowledge is never redundant. Therefore, it is necessary to master the technique of finding vulnerabilities related to specifiers. Errors of this type are few and are mainly encountered in UNIX applications, where the tradition of terminal output remains strong. According to some reports, in 2002 about 100 applications vulnerable to these errors were detected, and in 2003 the number of such errors exceeded 150. Among the targets of such attacks were Oracle database servers and UNIX services such as syslog or ftp. For the moment, no attacks of this type on Windows NT applications have been reported. This doesn't mean that Windows NT is better; it simply means that the graphical user interface doesn't incline users toward intense use of formatted output. Furthermore, the number of console utilities intended for Windows NT is small. Nevertheless, only negligent and careless individuals can consider themselves on the safe side. If you do not believe me, then read this chapter, which is intended to demonstrate how hackers can use formatted output for attacks on different operating systems, including Windows NT.

The C programming language has a considerable advantage over Pascal thanks to its support of specifiers, which are a powerful tool of formatted input/output. This instrument is so powerful that it can be considered a language within a language. The idea as such was borrowed from Fortran, whose developers had taken into account the main drawback of its predecessor, Algol. Algol is a telling name: it stands for algorithmic language, and it focuses on algorithmization. At the same time, input and output in Algol were considered a by-product of secondary importance and were not paid sufficient attention. Practice has shown that this approach was wrong. The generation of reports has always required programmers to spend lots of time and effort, and it remains the most routine and tedious part of a program. The developers of programming languages decided to automate it. No sooner said than done: thus, in the C programming language there appeared a fully functional interpreter of formatting characters, which immediately became popular. However, with this interpreter, problems appeared. Careless treatment of the specifiers has generated a new type, or even an entire new generation, of overflow errors. Counted as generations, this one is the third; the first two, sequential and index overflow, were considered in Chapter 4.

Errors related to processing the specifier are a special case of the more general problem of string interpolation. Some languages, such as Perl, allow not only output formatting but also insertion of variables, and even functions, directly into the output string. This considerably simplifies programming and speeds up the application development process. Unfortunately, good ideas often become the foundation for outright vandalism. Convenience does not go together with security. Everything that is convenient to develop is no less convenient to crack, although the inverse statement is not true. In general, the recommendation is as follows: do not apply a language's functional capabilities dogmatically. Be selective and use only the best functions and operators!
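The defect class this chapter goes on to dissect, as an added example that is not from the book: a syslog-style logging wrapper whose format argument is interpreted, the wrong and right ways of calling it placed side by side, and a guard that reports whether a string would be acted on as a format at all. The function names (`count_specifiers`, `log_msg`, `interpreted_differently`) and the sample messages are my own constructions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Count the conversion specifiers a printf-family interpreter would act on;
 * "%%" is the escape for a literal percent and is not counted. A string that
 * came from outside the program should yield zero before it is used as fmt. */
int count_specifiers(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: skip the pair */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* A syslog-style wrapper: fmt is interpreted, later arguments feed its
 * specifiers. The wrapper is correct; the risk is what callers pass as fmt. */
int log_msg(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int len;
    va_start(ap, fmt);
    len = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return len;
}

/* Returns 1 if passing msg as the format string would change (or, with real
 * specifiers present, corrupt) the output, 0 if both call forms agree. */
int interpreted_differently(const char *msg)
{
    char a[256], b[256];
    if (count_specifiers(msg) > 0)
        return 1;   /* would consume arguments that were never passed */
    log_msg(a, sizeof a, msg);        /* WRONG: user text used as format */
    log_msg(b, sizeof b, "%s", msg);  /* RIGHT: constant format, msg is data */
    return strcmp(a, b) != 0;
}
```

With the constructed message `"progress 100%% done"` the wrong call prints a single percent sign while the right call preserves the text verbatim, which is exactly the divergence the check reports.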



Shellcoder's Programming Uncovered (Uncovered series)
ISBN: 193176946X
Year: 2003
Pages: 164
