SystemsSec 2018W Lecture 11


Audio

Lecture 11 Audio

Notes

HTTPS

- How to set it up?
  - Get your public/private key pair signed by a respected authority
  - You can also self-sign but may encounter errors

- Current certificate is expired (Feb 2014)

- Need to get a new certificate
  - New thing called “Let’s Encrypt” that offers free certificates (only for 90 days)
  - Recommends downloading Certbot
    - Might already come with the Linux distribution

Certbot

- Default commands provide useful instructions
- Need to enter the webroot and URL
  - This is to prove to Certbot that we have control of the server
  - Used to generate challenges that Certbot will verify

- Update the server’s configuration file with the newly generated certificates
  - In this case used symbolic links
- Restart the server


Buffer overflows

- Make a classic C program
- Typing over the buffer length
  - Detected stack smashing
    - ONLY after writing and reading the bytes
  - Use of canary words to detect if stack has been modified
  - If you were a real attacker you would try and target a buffer that wasn’t protected by it
    - The heap is a prime target
- If we turn off the stack protection
  - Received a SIGSEGV from the kernel and the core is dumped
  - Kernel saying that you tried to access memory that was not given
  - Process can intercept signal and choose to do something with it
  - Default handler causes you to crash with segfault
- What is “core dumped”?
  - Comes from core memory
  - Means that it’s written memory out
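
The canary behaviour described above, modelled as an added example (not code from the lecture): a struct stands in for one stack frame so the overflow stays well-defined C, and `CANARY`, `RET_ADDR` and the function names are constructed for illustration. It shows that the canary is compared only in the epilogue, after the bytes are already written, and what changes when protection is off.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN  8
#define CANARY   0x00c0ffeeu  /* constructed; real canaries are random per process */
#define RET_ADDR 0x00401136u  /* constructed stand-in for the saved return address */

/* Model of one stack frame: local buffer, then canary, then return slot. */
struct frame { char buf[BUF_LEN]; uint32_t canary; uint32_t saved_ret; };

enum result { FRAME_OK, SMASH_DETECTED, RET_CORRUPTED, INPUT_REJECTED };

/* Function epilogue: the canary is compared only here, after all writes. */
static enum result epilogue(const struct frame *f, int protect)
{
    if (protect && f->canary != CANARY)
        return SMASH_DETECTED;   /* process aborts: "stack smashing detected" */
    if (f->saved_ret != RET_ADDR)
        return RET_CORRUPTED;    /* return to a bad address, typically SIGSEGV */
    return FRAME_OK;
}

/* Unchecked copy (the bug). Clamped to the struct so the model stays defined. */
static enum result copy_unchecked(const char *in, size_t n, int protect)
{
    struct frame f = { {0}, CANARY, RET_ADDR };
    if (n > sizeof f) n = sizeof f;
    memcpy(&f, in, n);           /* bytes past buf land in canary, then saved_ret */
    return epilogue(&f, protect);
}

/* Bounded copy (the fix): oversized input is refused before any write. */
static enum result copy_checked(const char *in, size_t n, int protect)
{
    struct frame f = { {0}, CANARY, RET_ADDR };
    if (n >= BUF_LEN) return INPUT_REJECTED;
    memcpy(f.buf, in, n);
    f.buf[n] = '\0';
    return epilogue(&f, protect);
}

int main(void)
{
    const char in[] = "AAAAAAAAAAAAAAAA";            /* 16 constructed bytes */
    printf("%d %d %d %d\n", copy_unchecked(in, 7, 1), copy_unchecked(in, 16, 1),
           copy_unchecked(in, 16, 0), copy_checked(in, 16, 1));
    return 0;
}
```

A 12-byte write with protection off returns `FRAME_OK` in this model: the canary slot is overwritten but nothing checks it, so the corruption goes unnoticed.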

Modify the C program to have a function called target in the binary that is never called. The goal is to make the code jump to the target function and execute it. What tools can we use? GDB, to figure out what’s happening with memory.

“Stack Smashing for Fun and Profit”

- Basic idea is you find the address and then overwrite the address
- Might have to turn off address space randomization