事实上,缓冲区溢位正越来越普遍。
为什么缓冲区溢位是安全性问题?
本专栏概述了缓冲区溢位问题。
This column gives an overview of the buffer overflow problem.
但是,缓冲区溢位问题并非已成古老的历史。
But the buffer overflow problem is far from ancient history.
这就是下面四个专栏将讨论缓冲区溢位的原因。
This is why our next four columns will deal with buffer overflow.
什么是缓冲区溢位?
装置回应造成缓冲区溢位。
很明显,至此您不会认为缓冲区溢位错误将是过时的。
Clearly, you would think by now that buffer overflow errors would be obsolete.
不要依靠动态指派所有一切,而遗忘缓冲区溢位问题。
Don't rely on dynamic allocation for everything and forget about the buffer overflow problem.
以上图表中,显示了可以直接归为缓冲区溢位的弱点数。
In chart above, the number of vulnerabilities that can be directly attributed to buffer overflows is displayed.
几十年来,缓冲区溢位一直引起许多严重的安全性问题。
Buffer overflows have been causing serious security problems for decades.
缓冲区溢位导致安全性问题的另一个方法是透过摧毁堆叠。
Another way in which buffer overflows cause security problems is through stack-smashing attacks.
因此,缓冲区溢位问题常常在标准测试期间是发现不了的。
As a result, buffer overflow problems are often invisible during standard testing.
发生缓冲区溢位时,会覆写下一个相邻的记忆体块。
When this happens, the next contiguous chunk of memory is overwritten.
我们将在缓冲区溢位的第三和第四专栏中详细讨论堆叠的摧毁。
We'll go into the details of stack smashing in our third and fourth columns on buffer overflows.
缓冲区溢位攻击是一种最恶名昭彰的软体安全问题。
Buffer overflow attacks are one of the most notorious software security problems.
检视这个程序,攻击者更容易得出如何利用实际输入导致缓冲区溢位。
Looking at the program, it is also easier for an attacker to figure out how to cause a buffer overflow with real inputs.
在本专栏中,介绍了缓冲区溢位,它永远可能是最糟的软体安全性问题。
In this column we've introduced you to buffer overflows, which are probably the worst software security problem of all time.
缓冲区溢位开始于每个程序都需要的一些情况︰放置位元的空间。
Buffer overflows begin with something every program needs: a place to put bits.
最坏的情况是︰程序可能正发生缓冲区溢位,但根本没有任何副作用的迹像。
In the worst cases, a program may be overflowing a buffer and not showing any adverse side effects at all.
让我们更深入地了解某些缓冲区溢位会造成严重安全性隐患的原因。
Let's dig deeper into why some kinds of buffer overflows have big security implications.
有些人认为在Windows程序中寻找缓冲区溢位比在UNIX程序中难。
Some people believe that it's harder to find buffer overflows in Windows programs than in UNIX programs.
目前,我们举的所有利用缓冲区溢位的范例都是针对UNIX系统的。
So far, all our examples of buffer overflow exploits have been for UNIX systems.
有创造力的攻击者会透过摧毁堆叠利用缓冲区溢位的弱点,然后执行任何程序码。
A creative attacker can take advantage of a buffer overflow vulnerability through stack-smashing and then run arbitrary code (anything at all).
并且资料显示这一问题正在扩大,而不是在缩减;请参阅「缓冲区溢位︰捲土重来」。
And the data show that the problem is growing instead of shrinking; see "Buffer overflow: Dejavu all over again".
由于缓冲区溢位问题近年来在安全性领域中已受到瞩目,这一资料是相当令人灰心的。
The data are extremely discouraging since the buffer overflow problem has been widely known in security circles for years.
一般地,攻击者利用缓冲区溢位得到机器上的交谈式Session (shell)。
Commonly, attackers exploit buffer overflows to get an interactive session (shell) on the machine.
例如,外部使用者可以利用的网路伺服器程序中的缓冲区溢位,可能使攻击者登入到机器。
For example, a buffer overflow in a network server program that can be tickled by outside users may provide an attacker with a login on the machine.
同样地,当缓冲区溢位时,额外的资料会摧残程序将来可能要存取的其它有用的资料。
Likewise, when a buffer overflows, the excess data may trample on other meaningful data that the program might wish to access in the future.
最惊人的缓冲区溢位是堆叠的摧毁,它会在超级使用者或root、shell 中造成后果。
The most spectacular buffer overflows are stack smashes that result in a superuser, or root, shell.
应用推荐