views:

144

answers:

5

Is there any really low level programming language that can get access the memory variable directly? For example, if I have a program have a variable i. Can anyone access the memory to change my program variable i to another value?

+1  A: 

If another process has sufficient permissions, then it can change your process's memory. On Linux, it's as simple as reading and writing the pseudo-file /proc/{pid}/mem. This is how many exploits work, though they do rely on some vulnerability that allows them to run with very high privileges (root on Unix).

Marcelo Cantos
@Marcelo - you seem to be implying that the `proc` file system is a security hole. In fact, the security hole is whatever allows the bad guys to get root privilege.
Stephen C
I quite agree, @Stephen, which is why I made this point explicitly in my answer ("...they do rely on some vulnerability...").
Marcelo Cantos
+4  A: 

Sure, unless of course the operating system protects that memory on your behalf. Machine language (the lowest level programming language) always "accesses memory directly", and it's pretty easy to achieve in C (by casting some kind of integer to pointer, for example). Point is, unless this code's running in your process (or the kernel), whatever language it's written in, the OS would normally be protecting your process from such interference (by mapping the memory in various ways for different processes, for example).

Alex Martelli
You might want to look at various debugging APIs out there. You might be surprised at just how insecure "protected" memory can be in the real world.
JUST MY correct OPINION
@ttmrichter: the point is not security, it's stability.
BlueRaja - Danny Pflughoeft
Those same debugging APIs render stability a bit of a problem too at times. Especially when cowboy coders use them to get around design problems.
JUST MY correct OPINION
+1  A: 

Short answer: yes. Long answer: it depends on a whole lot of factors including your hardware (memory management?), your OS (protected virtual address spaces? features to circumvent these protections?) and the detailed knowledge your opponent may or may not have of both your language's architecture and your application structure.

JUST MY correct OPINION
A: 

It depends. In general, one of the functions of an operating system is called segmentation -- that means keeping programs out of each other's memory. If I write a program that tries to access memory that belongs to your program, the OS should crash me, since I'm committing something called a segmentation fault.

But there are situations where I can get around that. For example, if I have root privileges on the system, I may be able to access your memory. Or worse -- I can run your program inside a virtual machine, then sit outside that VM and do whatever I want to its memory.

So in general, you should assume that a malicious person can reach in and fiddle with your program's memory if they try hard enough.

Etaoin
+6  A: 

As an example of how to change the variable in a program from “the outside”, consider the use of a debugger. Example program:

$ cat print_i.c
#include <stdio.h>
#include <unistd.h>

int main (void) {
    int i = 42;
    for (;;) { (void) printf("i = %d\n", i); (void) sleep(3); }
    return 0;
}
$ gcc -g -o print_i print_i.c
$ ./print_i
i = 42
i = 42
i = 42
…

(The program prints the value of i every 3 seconds.)

In another terminal, find the process id of the running program and attach the gdb debugger to it:


$ ps | grep print_i
 1779  p1  S+     0:00.01 ./print_i
$ gdb print_i 1779
…
(gdb) bt
#0  0x90040df8 in mach_wait_until ()
#1  0x90040bc4 in nanosleep ()
#2  0x900409f0 in sleep ()
#3  0x00002b8c in main () at print_i.c:6
(gdb) up 3
#3  0x00002b8c in main () at print_i.c:6
6           for (;;) { (void) printf("i = %d\n", i); (void) sleep(3); }
(gdb) set variable i = 666
(gdb) continue

Now the output of the program changes:

…
i = 42
i = 42
i = 666

So, yes, it's possible to change the variable of a program from the “outside” if you have access to its memory. There are plenty of caveats here, e.g. one needs to locate where and how the variable is stored. Here it was easy because I compiled the program with debugging symbols. For an arbitrary program in an arbitrary language it's much more difficult, but still theoretically possible. Of course, if I weren't the owner of the running process, then a well-behaved operating system would not let me access its memory (without “hacking”), but that's a whole another question.

Arkku