CIT 480: Securing Computer Systems

Secure Programming

Topics

1. Input-based vulnerabilities
2. Input validation
3. Input entry points
4. Integer overflows
5. Format string attacks
6. The nature of trust

Path Traversal Vulnerabilities

Example web application URL

?

What if the URL is modified after file= to be:

- getfile.php
  Could a threat read the application's source code?

What if the URL is modified after file= to be:

- ../../../../../etc/passwd
  Walks up the directory tree to read the passwd file.

Paths

If an attacker controls the paths used by a program:

- Can read files accessible by the program.
- Can write files accessible by the program.

A vulnerability arises when the program's access rights differ from the attacker's:

- Privileged (SETUID) local programs.
- Remote server applications, including web.

Directory traversal

- Use "../../.." to climb out of the application's directory and access other files.

Canonicalization

How to make correct access control decisions when the same file has many names?

- config
- ./config
- /etc/program/config
- ../program/config
- /tmp/../etc/program/config

Canonical Name: the standard form of a name

- Generally the simplest form.
- Canonicalize the name, then apply access control.
- Use realpath() in C to canonicalize.

Common Naming Issues

- . represents the current directory
- .. represents the parent directory
- Case sensitivity
- Windows allows both / and \ in URLs.
- Windows 8.3 representation of long names
  - Two names for each file, for backwards compatibility.
- Trailing dot in DNS names
  - nku.edu. == nku.edu
- URL encoding
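The canonicalize-then-check rule from the Canonicalization slide, with the naming issues listed above folded in, as an added Python example (not code from the course slides). It assumes a document root of /var/www/app/files (a constructed path; realpath() does not require it to exist) and runs a set of constructed file= values through the check, including the Apache-style %2e%2e%5c encoding. It goes slightly beyond the slides by also undoing double URL encoding and refusing NUL bytes.

```python
import os
import urllib.parse

# Constructed document root for the example. os.path.realpath() canonicalizes
# non-existent paths too, so the check works without creating any files.
DOC_ROOT = "/var/www/app/files"


def canonicalize(doc_root, user_path):
    """Return the canonical path for a user-supplied name, or None if it leaves doc_root.

    Order matters: canonicalize first, then make the access control decision on
    the canonical name, so every spelling of the same file (config, ./config,
    sub/../config, %2e%2e/config, ..\\config) is judged the same way.
    """
    # Undo URL encoding. Looping catches double encoding such as %252e -> %2e -> '.';
    # if the web server has already decoded once, a single unquote() would do.
    decoded = user_path
    for _ in range(3):
        step = urllib.parse.unquote(decoded)
        if step == decoded:
            break
        decoded = step
    # A NUL byte would silently truncate the name inside C library calls; refuse it.
    if "\0" in decoded:
        return None
    # Windows accepts both separators, so normalize backslash to slash before resolving.
    decoded = decoded.replace("\\", "/")
    root = os.path.realpath(doc_root)
    # os.path.join keeps an absolute user path as-is, so "/etc/passwd" stays
    # outside the root and is rejected by the prefix test below.
    candidate = os.path.realpath(os.path.join(root, decoded))
    # Access control on the canonical name: it must be the root itself or sit below it.
    if candidate == root or candidate.startswith(root + os.sep):
        return candidate
    return None


def check_requests():
    """Run constructed file= values through the check; returns {name: allowed?}."""
    samples = [
        "report.txt",
        "./report.txt",
        "sub/../report.txt",
        "../../../../../etc/passwd",
        "/etc/passwd",
        "%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini",   # encoded ..\..\winnt\win.ini
        "%252e%252e/config",                   # double-encoded ../config
        "report.txt\0.jpg",                    # NUL truncation attempt
    ]
    return {s: canonicalize(DOC_ROOT, s) is not None for s in samples}


if __name__ == "__main__":
    for name, allowed in check_requests().items():
        print(f"{'ALLOW ' if allowed else 'REJECT'} {name!r}")
```

The prefix test is done on the realpath() output of both the root and the candidate, so a symlink inside the document root that points outside it is rejected as well, which a purely lexical check on the request string would miss.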

Win/Apache Directory Traversal

Found in Apache 2.0.39 and earlier.

To view the file winnt\win.ini, use: 2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini

which is the escaped form of \..\..\..\..\winnt\win.ini

Command Injection

Find a program that invokes a subshell command with user input:

- Shell: every command with user input
- Perl: system(), ``, open()
- Ruby: system(), ``, %x{}, IO.popen(), etc.
- Python: os.system(), os.popen(), etc.

The attack uses shell meta-characters to insert user-defined code into the command.
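The vulnerable pattern beside its hardened form, as an added Python example (not code from the course slides). The vulnerable function builds the string that os.system() or os.popen() would hand to /bin/sh and a small tokenizer shows how the shell would split it into separate commands; the hardened form validates the input against an allowlist and passes an argument list to subprocess so no shell is involved. The ping command, the hostname allowlist and the two input values are constructed for the example.

```python
import re
import shlex
import subprocess

# Allowlist for a hostname argument: no leading '-' (so the value cannot be
# mistaken for an option) and no characters a shell would interpret.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def vulnerable_command(host):
    """The pattern the slide warns about: user input spliced into a shell string.

    Returns the string os.system()/os.popen() would hand to /bin/sh. It is
    never executed here; shell_would_run() shows how sh would parse it.
    """
    return "ping -c 1 " + host


def shell_would_run(command):
    """Tokenize like a POSIX shell and split into the simple commands sh would run.

    Teaching aid only: it recognizes ; | & && || but not every construct
    (e.g. $(...) or backticks), which is why the defense below relies on an
    allowlist plus an argv list rather than on detecting metacharacters.
    """
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    separators = {";", "|", "&", "&&", "||"}
    commands, current = [], []
    for tok in lex:
        if tok in separators:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def safe_argv(host):
    """Hardened form: validate against the allowlist, then build an argument vector."""
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"rejected host: {host!r}")
    return ["ping", "-c", "1", host]


def run_safe(host):
    """Pass the list to subprocess with shell=False (the default): the elements
    go straight to execve(), so no shell ever re-parses the user input."""
    return subprocess.run(safe_argv(host), capture_output=True, text=True)


def demo():
    """Constructed inputs: a legitimate host and one carrying a shell metacharacter.

    Returns {input: (commands the shell string would run, safe argv or None)}.
    """
    results = {}
    for host in ["example.com", "example.com; echo INJECTED"]:
        cmds = shell_would_run(vulnerable_command(host))
        try:
            argv = safe_argv(host)
        except ValueError:
            argv = None
        results[host] = (len(cmds), argv)
    return results


if __name__ == "__main__":
    for host, (count, argv) in demo().items():
        print(f"{host!r}: shell string runs {count} command(s); argv = {argv}")
```

Rejecting bad input outright is preferable to escaping it: an allowlist is short, easy to review, and does not depend on knowing every metacharacter of every shell the program might run under.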
