+1  Q: 

Memory invasion

Some time ago I heard about memory invasions, when some part of software A gets inside another part of the same software A, therefore stopping the program from working correctly.

Do memory invasions really exist? I mean, I've been using C++ and I know arrays can grow indefinitely, but can they grow over other structures? If arrays won't generate MI's, what will?

+4  A: 

You're describing a buffer overflow, and yes, they are a large source of security problems in software. If someone can overwrite program code with arbitrary data, and that arbitrary data contains executable code of the attacker's choice, then they can essentially execute machine code with the privilege level of the program in which the overflow occurred.

This problem usually happens when a fixed amount of storage is allocated for an unknown amount of input (from keyboard, network, API call, etc.), and the amount of input turns out to be larger than the size of the storage. In programming languages that do not perform bounds checking on array accesses, this can result in executable areas of code being overwritten. Technologies like DEP can mitigate this risk by write-protecting executable areas of memory.

sk
A: 

It is not that rare in languages that are not automatically memory managed. For example, a buffer overflow is a very good example of an invasion.

There are some protections against specific types of invasion (e.g., you would often get a stack overflow rather than go over other material), but any time pointers are involved it is quite easy to go over memory or code that you weren't expected to access.

Languages like Java and C# don't let you manipulate memory at a low level so the risk is mitigated.

Uri
I knew about buffer overflows, but didn't know they were also known as a form of invasion. Thanks for the explanation
Rodrigo
I don't think memory invasions are an official CS term. AFAIK they are actually a term from Star Trek :)
Uri
lol... I thought I'd heard that term before. I think Uri is right :) Also, for the record, buffer/stack overflows can happen even in higher-level languages that are memory managed, but it's going to be at the layer where it meshes with native stuff -- OS API calls, native code extensions, or even bugs in the interpreter/VM itself (which can manifest in many ways).
rmeador
A: 

"Memory Invasion" is called a buffer or stack overflow. It is -- perhaps -- the most important vulnerability that you can exploit to find security flaws.

The standard C library is full of functions that blithely assume that input won't overflow the allotted buffer space. When the input is bigger than the buffer, you have a buffer overflow into other parts of memory. The program is no longer working correctly, and can be corrupt in subtle ways.

Read this: http://www.owasp.org/index.php/A5_2004_Buffer_Overflow

S.Lott
+1  A: 

A Stack Overflow can also cause this problem.

Mike
A: 

In C++, arrays cannot grow indefinitely. You don't have unlimited memory. Memory invasion would be caused by something like this:

    int foo[100];
    foo[100] = 5; // writing outside the array. This might cause some problems.
Zifre
Sorry, I intended to say they can grow as long as there's free memory.
Rodrigo
Still, you can't really grow arrays without deleting it and creating another.
Zifre
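
Added example, not part of any answer above: the case the answers describe, where input longer than a fixed-size buffer spills into the data stored next to it, shown beside a length-checked version. The `record` layout and the function names are assumptions made for this illustration; both fields live in one byte array so the overwrite stays inside a single object and can be observed safely.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: a 16-byte name buffer immediately followed by a
   16-byte role field, both inside one array so that every write below
   stays within a single object and the effect is well defined. */
enum { NAME_SIZE = 16, ROLE_SIZE = 16 };
struct record { unsigned char bytes[NAME_SIZE + ROLE_SIZE]; };

static void record_init(struct record *r) {
    memset(r->bytes, 0, sizeof r->bytes);
    memcpy(r->bytes + NAME_SIZE, "guest", 6);
}

static const char *record_role(const struct record *r) {
    return (const char *)(r->bytes + NAME_SIZE);
}

/* Unchecked: trusts the input length, as strcpy() or gets() would.
   The caller must keep len <= sizeof r->bytes in this demonstration. */
static void set_name_unchecked(struct record *r, const char *in, size_t len) {
    memcpy(r->bytes, in, len);
}

/* Checked: refuses input that does not fit the name field plus its NUL. */
static int set_name_checked(struct record *r, const char *in, size_t len) {
    if (len >= NAME_SIZE)
        return -1;
    memcpy(r->bytes, in, len);
    r->bytes[len] = '\0';
    return 0;
}

int main(void) {
    struct record r;
    char input[21];                 /* constructed input: 20 bytes + NUL */
    memset(input, 'B', 20);
    input[20] = '\0';

    record_init(&r);
    set_name_unchecked(&r, input, sizeof input);
    printf("unchecked: role = \"%s\"\n", record_role(&r));   /* "BBBB" */

    record_init(&r);
    int rc = set_name_checked(&r, input, strlen(input));
    printf("checked: rc = %d, role = \"%s\"\n", rc, record_role(&r));
    return 0;
}
```

In the unchecked call the last four input bytes land in the role field, replacing "guest"; the checked call returns -1 and leaves the record untouched.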