Difference between revisions of "Secure programming"

From Lazarus wiki
Line 24: Line 24:
 
The most common attack types are:
 
The most common attack types are:
 
* '''Buffer Overflow''' - When a given data overflow the amount of memory that was allocated for it.
 
* '''Buffer Overflow''' - When a given data overflow the amount of memory that was allocated for it.
  var<br>
+
'''var'''<br>
    sName : String[10];<br>
+
  sName : '''String'''[10];<br>
    ....<br>
+
  ....<br>
    sName := 'abcdefghijklmnopqrstuvwxyz';<br>
+
  sName := '' 'abcdefghijklmnopqrstuvwxyz' '';<br>
    ....<br>
+
  ....<br>
  
 
In this example we can see that for sName we gave the ability to accept only 10 chars, while we entered to the variable a content of 26 chars.
 
In this example we can see that for sName we gave the ability to accept only 10 chars, while we entered to the variable a content of 26 chars.
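Review bot: the right-hand revision wraps the string literal in wiki italics markup, '' 'abcdefghijklmnopqrstuvwxyz' '', so the rendered line shows what look like two extra Pascal empty-string literals around the value; drop the '' markers, or put the whole snippet in a <pre> block, which also removes the need for the <br> tags and leading-space layout. The explanation under the snippet also needs a sentence: in Free Pascal a String[10] is a length-bounded ShortString, so assigning a 26-character literal is truncated to 10 characters (the compiler warns about it) rather than writing past the variable, which makes this example show data loss, not a memory-corrupting buffer overflow.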

Revision as of 23:02, 25 February 2005

General Info

When developing a program, it will most likely interact with the user in some way, even if that only means reading files on the system and reporting the data.

Usually at schools and universities, when someone starts to write programs, that person learns how to receive input, while teachers usually say “assume that the data you receive is valid”. That's when the problems begin.

From the second that a program receives input, we can not trust any unknown input that we do not control.

Reading from a file is untrusted input, and so is reading user input or accepting input from a network, for example.

Why can't I trust input?

In order to understand why input is dangerous, we first need to understand what input is.

Input can come from a key stroke, a mouse movement or a mouse button click, or from reading and accepting information in many other ways, such as a data stream or even system functions.

It does not matter what type of input it is, because the user can give us wrong input, whether intentionally or by mistake. You can not control this input, mainly because you can't guess what input the user will provide.

The result could be empty (NULL) “data” that the user provides us, an out of range number or a bigger amount of chars than we expected, or even an attempt to change the address of the variable that accepts the user's input. We just can not know what the user is going to do to us.

Any “unsafe” handling of user input can lead to the retrieval of vital information that the user must not and could not otherwise access, to modification of data that the user could not change any other way, or even to breaking the program itself.

What type of problems can we expect?

For every type of bug you will probably find a type of attack, but I wish to give a small list of very common attack types instead of writing up all of them.

The most common attack types are:

  • Buffer Overflow - When given data overflows the amount of memory that was allocated for it.
var
  sName : String[10];
  ....
  sName := 'abcdefghijklmnopqrstuvwxyz';
  ....

In this example we can see that sName was given the ability to accept only 10 chars, while we assigned the variable a content of 26 chars.
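As an added example that is not from the wiki page, the program below (Free Pascal, names such as MaxName, TNameBuf, CopyUnchecked and CopyChecked are chosen here for illustration) puts the String[10] case next to a fixed-size Char buffer and shows a length check that rejects over-long input instead of trusting it:

```pascal
{$mode objfpc}{$H+}{$rangechecks on}
program InputLengthCheck;
{ Added example, not code from the wiki page. MaxName, TNameBuf, CopyUnchecked
  and CopyChecked are names chosen here for illustration. }
uses
  SysUtils;
const
  MaxName = 10;
type
  TNameBuf = array[1..MaxName] of Char;
{ Unsafe: trusts the caller's length. With range checks off the loop writes
  past the end of dst; with range checks on FPC raises ERangeError instead. }
procedure CopyUnchecked(const src: String; var dst: TNameBuf);
var
  i: Integer;
begin
  for i := 1 to Length(src) do
    dst[i] := src[i];
end;
{ Safe: validate the length before touching the buffer and tell the caller
  when the input was rejected, rather than truncating or overflowing. }
function CopyChecked(const src: String; var dst: TNameBuf): Boolean;
var
  i: Integer;
begin
  Result := Length(src) <= MaxName;
  if not Result then Exit;
  FillChar(dst, SizeOf(dst), ' ');
  for i := 1 to Length(src) do
    dst[i] := src[i];
end;
var
  sName: String[10];
  buf: TNameBuf;
  input: String;
begin
  input := 'abcdefghijklmnopqrstuvwxyz';   { constructed 26-char input }
  sName := input;                          { ShortString: silently cut to 10 }
  WriteLn('String[10] kept ', Length(sName), ' chars: ', sName);
  if not CopyChecked(input, buf) then
    WriteLn('Rejected: ', Length(input), ' chars exceeds limit ', MaxName);
  try
    CopyUnchecked(input, buf);
  except
    on E: ERangeError do WriteLn('Range check stopped the overflow: ', E.Message);
  end;
end.
```

Compile with range checks off and CopyUnchecked corrupts whatever follows buf in memory; the check in CopyChecked is what makes the length of untrusted input a decision rather than an accident.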