What is Stack Randomization and how does it prevent buffer overflow attack?

Question

I read from a book that Buffer Overflow might be used as a way to inject exploit code which will attack a system. And Stack Randomization is one of those effective ways to prevent such attacks.

I can't understand what Stack Randomization is and how it prevents those attacks.

Recommended answer

Instead of Stack Randomization, the technique to defeat (or make more difficult) stack or buffer overflows is called Address space layout randomization (ASLR). The theory behind this is to attempt to randomize where items are in memory to make the task of injecting malicious code more difficult. Some buffer overflow and stack overflow attacks depend on knowing where items are located in memory to be able to inject code that can make valid memory references.

The difficulty in all this is that even with such mechanisms in place, it may still be possible to inject self-contained code that can make valid relative memory references when running, allowing malicious code to execute.

Check out this posting on Stack Overflow, which contains links to more information on buffer overflows.
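
An added example, not part of the original answer: a small C program for checking that stack randomization is active on a Linux host. It reads the kernel's `randomize_va_space` setting and re-runs itself several times to see whether a stack variable lands at a different address in each process. The helper names `read_aslr_mode` and `count_distinct` are hypothetical, and a Linux `/proc` filesystem is assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Linux ASLR setting: 0 = off, 1 = stack/mmap/VDSO, 2 = 1 plus brk heap; -1 if unreadable. */
int read_aslr_mode(void) {
    int mode = -1;
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (!f) return -1;
    if (fscanf(f, "%d", &mode) != 1) mode = -1;
    fclose(f);
    return mode;
}

/* Count distinct addresses; 1 means every run used the same stack location. */
size_t count_distinct(const uintptr_t *a, size_t n) {
    size_t distinct = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j = 0;
        while (j < i && a[j] != a[i]) j++;
        if (j == i) distinct++;
    }
    return distinct;
}

int main(int argc, char **argv) {
    if (argc > 1 && strcmp(argv[1], "child") == 0) {
        char local = 0;                       /* lives on this process's stack */
        printf("%lx\n", (unsigned long)(uintptr_t)&local);
        return 0;
    }
    char exe[4096], cmd[4200];
    ssize_t len = readlink("/proc/self/exe", exe, sizeof exe - 1);
    if (len < 0) { perror("readlink"); return 1; }
    exe[len] = '\0';
    snprintf(cmd, sizeof cmd, "'%s' child", exe);
    uintptr_t seen[8]; size_t n = 0;
    for (int i = 0; i < 8; i++) {             /* each run is a fresh process image */
        unsigned long addr;
        FILE *p = popen(cmd, "r");
        if (p && fscanf(p, "%lx", &addr) == 1) seen[n++] = (uintptr_t)addr;
        if (p) pclose(p);
    }
    printf("randomize_va_space=%d, %zu distinct stack addresses in %zu runs\n",
           read_aslr_mode(), count_distinct(seen, n), n);
    return 0;
}
```

With the setting at 1 or 2, the runs should report several distinct addresses; a count of 1 means the stack sits at the same place in every process, which is the predictable layout the answer describes attacks depending on.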
