Preventing Buffer Overflow Attacks Using GDB
This article is aimed at creating awareness about the need for secure coding practices to prevent buffer overflow attacks. It also demonstrates the use of the GNU Debugger (GDB) to detect buffer overflows in a program.
A buffer overflow is a critical flaw wherein a program accesses memory not allocated to a buffer, overrunning its size. If a buffer is given more input than its size, the memory location(s) immediately following the buffer will be overwritten. This leads to loss of data in these locations, and also potentially enables a malicious user to get higher privileges in the system. Buffer overflows are commonly found in programs written in C and C++, since these languages do not have built-in mechanisms for protection against buffer overflows. Buffer overflows are common in cases that involve copying strings from one buffer to another. Some commonly used and vulnerable functions include gets, sprintf, strcpy and strcat. These functions do not perform bounds checking (i.e., they never verify that the string being copied fits within the destination buffer) when copying the characters into another string.
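The following C program is an added illustration, not code from the article: it places an unchecked strcpy beside a copy that checks the destination capacity first. The names copy_name_unchecked, copy_name_checked, NAME_LEN and the 31-byte input string are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Vulnerable: strcpy copies until it finds the NUL terminator and has no
 * idea how large dst is, so any input longer than NAME_LEN-1 characters
 * overruns the buffer and overwrites whatever follows it on the stack. */
void copy_name_unchecked(char dst[NAME_LEN], const char *src)
{
    strcpy(dst, src);
}

/* Hardened: confirm the string (plus its NUL) fits in dst_size bytes
 * before copying anything. Returns 0 on success, -1 when the input does
 * not fit; on failure dst is left as an empty string, never a partial copy. */
int copy_name_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return -1;
    /* Look for the terminator within the first dst_size bytes only,
     * so an over-long src is never scanned or copied beyond that. */
    const char *nul = memchr(src, '\0', dst_size);
    if (nul == NULL) {           /* no NUL in range: string too long */
        dst[0] = '\0';
        return -1;
    }
    size_t n = (size_t)(nul - src);
    memcpy(dst, src, n + 1);     /* n characters plus the terminating NUL */
    return 0;
}

int main(void)
{
    /* Constructed input: 31 'A's, well beyond the 15 characters that fit. */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    char name[NAME_LEN];

    copy_name_unchecked(name, "alice");   /* fine only because "alice" fits */
    printf("unchecked copy: %s\n", name);

    if (copy_name_checked(name, sizeof name, too_long) != 0)
        printf("rejected: %zu bytes do not fit in a %zu-byte buffer\n",
               strlen(too_long), sizeof name);
    /* Build with `gcc -g` and step copy_name_unchecked in GDB with too_long
     * to watch the bytes after name[] being overwritten. */
    return 0;
}
```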
Why it is important to understand buffer overflows
Buffer overflows have often been exploited to gain unauthorised access. One of the most sensational cases of hacking, involving buffer overflows, is the Morris worm incident that took place 25 years ago. Ever since, there have been similar cases of buffer overflows being exploited. Thus, there is a pressing need to prevent the possibility of buffer overflows because, if exploited, the attacker can gain complete access over the kernel of the victim machine. In order to prevent buffer overflows, one needs to know more about them, particularly how and why they occur. Let us use GDB to uncover the possible buffer overflows in program code.