Are uninitialized values ever a security risk?

Problem description

While learning C, I made some mistakes and printed elements of a character array that were uninitialized.

If I expand the size of the array to be quite large, say 1 million elements in size and then print the contents, what comes out is not always user unreadable, but seems to contain some runtime info.

Consider the following code:

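#include <stdio.h>

int main(void) {
        /* s is deliberately left uninitialized: only the typed characters are written */
        char s[1000000];
        int c, i;

        printf("Enter input string:\n");
        /* stop at newline, end of input, or a full buffer */
        for (i = 0; i < 1000000 && (c = getchar()) != '\n' && c != EOF; i++) {
                s[i] = c;
        }

        /* prints the whole array, including the elements that were never written */
        printf("Contents of input string:\n");
        for (i = 0; i < 999999; i++) {
                putchar(s[i]);
        }
        printf("\n");

        return 0;
}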

Just scrolling through the output, I find things such as:

???l????????_dyldVersionNumber_dyldVersionString_dyld_all_image_infos_dyld_fatal_error_dyld_shared_cache_ranges_error_string__mh_dylinker_header_stub_binding_helper_dyld_func_lookup_offset_to_dyld_all_image_infos__dyld_start__ZN13dyldbootstrapL30randomizeExecutableLoadAddressEPK12macho_headerPPKcPm__ZN13dyldbootstrap5startEPK12macho_headeriPPKcl_ZN4dyldL17setNewProgramVarsERK11ProgramVars_ZN4dyld17getExecutablePathEv_ZN4dyld22mainExecutablePreboundEv_ZN4dyld14mainExecutableEv__ZN4dyld21findImageByMachHeaderEPK11mach_header__ZN4dyld26findImageContainingAddressEPKv

and also

Apple Inc.1&0$U ?0?*?H??ot CA0?"0ple Certification Authority10U ?䑩 ??GP??^y?-?6?WLU????Kl??"0?>?P ?A?????f?$kУ????z ?G?[?73??M?i??r?]?_???d5#KY?????P??XPg? ?ˬ, op??0??C??=?+I(??ε??^??=?:??? ?b??q?GSU?/A????p??LE~LkP?A??tb
?!.t?< ?A?3???0X?Z2?h???es?g^e?I?v?3e?w??-??z0?v0U?0U?0?0U+?iG?v ??k?.@??GM^0U#0?+?iG?v ??k?.@??GM^0?U 0?0? ?H??cd0??0+https://www.apple.com/appleca/0?+0????Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate poli?\6?L-x?팛??w??v?w0O????=G7?@?,Ա?ؾ?s???d?yO4آ>?x?k??}9??S ?8ı??O 01?H??[d?c3w?:,V??!ںsO??6?U٧??2B???q?~?R??B$*??M?^c?K?P????????7?uu!0?0??0

I believe one time my $PATH environment variable was even printed out.

Can the contents of an uninitialized variable ever pose a security risk?

Update 1

Update 2

So it seems clear from the answers that this is indeed a security risk. This surprises me.

Is there no way for a program to declare its memory content protected to allow the OS to restrict any access to it other than the program that initialized that memory?

Recommended answer

Yes, at least on systems where the data may be transmitted to outside users.

There have been a whole series of attacks on webservers (and even iPods) where you get it to dump the contents of memory from other processes - and so get details of the type and version of the OS, the data in other apps and even things like password tables.
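
An added example, not part of the original question or answer: a reply builder that hands out a whole reused buffer after writing only a few bytes of it, next to a hardened version that clears the buffer and returns only what it wrote. The static scratch buffer stands in for reused stack or heap memory so that every read is well defined; all function names and the sample secret are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#define REPLY_SIZE 64

/* Assumption: static scratch stands in for reused stack/heap memory. */
static char scratch[REPLY_SIZE];

/* Earlier, unrelated work leaves sensitive bytes behind in the scratch area. */
static void handle_login(const char *password) {
    snprintf(scratch, sizeof scratch, "pw=%s", password);
}

/* Weak: writes only strlen(msg) bytes but hands out the whole buffer. */
static size_t build_reply_weak(const char *msg, char *out) {
    size_t n = strlen(msg);
    if (n > REPLY_SIZE) n = REPLY_SIZE;
    memcpy(scratch, msg, n);            /* tail still holds old contents */
    memcpy(out, scratch, REPLY_SIZE);
    return REPLY_SIZE;
}

/* Hardened: clear the buffer first and return only the bytes written. */
static size_t build_reply_safe(const char *msg, char *out) {
    size_t n = strlen(msg);
    if (n > REPLY_SIZE) n = REPLY_SIZE;
    memset(scratch, 0, sizeof scratch);
    memcpy(scratch, msg, n);
    memcpy(out, scratch, n);
    return n;
}

/* Returns 1 if needle occurs within the first len bytes of buf. */
static int contains(const char *buf, size_t len, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; m && i + m <= len; i++)
        if (memcmp(buf + i, needle, m) == 0) return 1;
    return 0;
}

int main(void) {
    char out[REPLY_SIZE];
    handle_login("hunter2-constructed");   /* constructed sample secret */
    size_t n = build_reply_weak("ok", out);
    printf("weak: %zu bytes, leaks secret: %d\n", n, contains(out, n, "hunter2"));
    handle_login("hunter2-constructed");
    n = build_reply_safe("ok", out);
    printf("safe: %zu bytes, leaks secret: %d\n", n, contains(out, n, "hunter2"));
    return 0;
}
```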
