Buffer Overflow

Do an Internet search on the term buffer overflow, and you'll come up with hundreds of thousands of links, most related to security. In the National Institute of Standards and Technology's ICAT index of computer vulnerabilities, six of the top 10 involve buffer overflows. In 1999, buffer overflow was named the No. 1 computer vulnerability. Five years later, it's still a major problem.

If you've ever poured a gallon of water into a pint-size pot, you know what overflow means ——water spills all around.

Inside a computer, something similar happens if you try to store too much data in a space designed for less. Input normally goes into a temporary storage area, called a buffer, whose length is defined in the program or the operating system.

Ideally, programs check data length and won't let you input an overlong data string. But most programs assume that data will always fit into the space assigned to it. Operating systems use buffers called stacks, where data is stored temporarily between operations. These, too, can overflow.

When a too-long data string goes into the buffer, any excess is written into the area of memory immediately following that reserved for the buffer -- which might be another data storage buffer, a pointer to the next instruction or another program's output area. Whatever is there is overwritten and destroyed.

That in itself is a problem. Just trashing a piece of data or set of instructions might cause a program or the operating system to crash. But much worse could happen. The extra bits might be interpreted as instructions and executed; they could do almost anything and would execute at the level of privilege (which could be root, the highest level).

Bad Programming

Buffer overflow results from a well-known, easily understood programming error. If a program doesn't check for overflow on each character and stop accepting data when its buffer is filled, a potential buffer overflow is waiting to happen. However, such checking has been regarded as unproductive overhead - when computers were less powerful and had less memory, there was some justification for not making such checks. Moore's Law has removed that excuse, but we're still running a lot of code written 10 or 20 years ago, even inside current releases of major applications.

Some programming languages are immune to buffer overflow: Perl automatically resizes arrays, and Ada95 detects and prevents buffer overflows. However, C —— the most widely used programming language today -- has no built-in bounds checking, and C programs often write past the end of a character array.

Also, the standard C library has many functions for copying or appending strings that do no boundary checking. C++ is slightly better but can still create buffer overflows.

Buffer overflow has become one of the preferred attack methods for writers of viruses and Trojan horse programs. Crackers are adept at finding programs where they can overfill buffers and trigger specific actions running under root privilege -- say, telling the computer to damage files, change data, disclose sensitive information or create a trapdoor access point.

時文選讀

緩沖溢出

對緩沖溢出這個術語做一次因特網搜索，你將看到成千上萬的鏈接，其中大多數與安全有關。按(美國)標準與技術協會公布的 ICAT計算機安全隱患指數，在最主要的十項安全隱患中有六項涉及緩沖溢出。1999年，緩沖溢出被定為頭號計算機安全隱患。五年之后，它仍是一個重大問題。

如果你將一加侖水倒入一品脫的壺里，就知道溢出是什么意思了 ——水灑了一地。

在計算機中，如果你試圖在設計存放較少數據的空間儲存太多的數據，也會發(fā)生類似的事情。正常情況下，輸入放入臨時存儲區(qū)域，稱作緩沖區(qū)，其長度由程序或操作系統定義。

理想的情況是，程序檢查你的數據長度，不讓你輸入過長的數據串。但多數程序假設數據總是適合分配給它的空間。操作系統使用稱作堆棧的緩沖區(qū)，在兩次運算之間數據暫時存放在那里。這也能產生溢出。

當太長的數據串進入緩沖區(qū)時，超過部分馬上被寫入緊跟在為緩沖區(qū)保留的存儲區(qū)域后面的區(qū)域，它可能是另一個數據存儲緩沖區(qū)、下一個指令的指針或者另一個程序的輸出區(qū)域。不管是哪一種情況，(數據)都會因重寫而被破壞。

這本身就是個問題。弄壞一個數據或一組指令會造成程序或操作系統的崩潰。還會發(fā)生更壞的事情，額外的位有可能被解釋成指令而加以執(zhí)行，這些位幾乎可能做任何事情，在特權級上執(zhí)行(它可能是根，即較高級)。

壞的編程

緩沖溢出源于一個眾所周知、容易理解的編程錯誤。如果程序不檢查每個字符是否溢出，以及在緩沖區(qū)已滿時不停止接收數據，那么潛在的緩沖溢出就可能發(fā)生。但是，這樣的檢查被當作無收益的開銷 ——當計算機能力不強、內存不大時，不做這樣的檢查還算有些道理。摩爾定律使這個借口不復存在，但是我們仍在運行一、二十年前寫的程序，甚至有些主要應用軟件的新版本還是如此。

有些編程語言對緩沖溢出具有免疫力： Perl能自動給陣列重新定長度，Ada95能檢測和避免緩沖溢出。然而，今天用得最廣的編程語言——C語言沒有內在的超限檢查，而C語言的程序常常寫得超出字符陣列的末端。

同樣，標準的 C語言程序庫擁有很多拷貝或添加不檢查邊緣的字符串的功能。C++稍好一些，但仍會產生緩沖溢出。

緩沖溢出已經成為病毒和特洛伊木馬程序編寫者喜愛用的攻擊方法。黑客們擅長于發(fā)現他們能使緩沖區(qū)溢出并在根特權下觸發(fā)特定動作的程序，比方說，告訴計算機破壞文件、修改數據、暴露敏感信息或生成陷阱門接入點等。