Secure Programming
Creating Secure Software
This paper describes in a few pages the main points one has to
keep in mind when writing programs for Linux / Unix. It treats the
more obvious aspects like "Check All User Supplied Data" as well
as less obvious ones like all the issues which have to be kept in
mind whenever you open a file. At the end it also lists a few
technology projects which aim to provide anti-stack-smashing
measures.
>>Read the Paper
Secure Programming
Secure Programming for Linux and Unix HOWTO
The author of this HowTo responds to the question "why did you write this book"
in the following way:
Over the last several years I've noticed that many
developers for Linux and Unix seem to keep falling into the same
security pitfalls, again and again. Auditors were slowly catching
problems, but it would have been better if the problems weren't put
into the code in the first place. I believe that part of the problem
was that there wasn't a single, obvious place where developers could
go and get information on how to avoid known pitfalls. The information
was publicly available, but it was often hard to find, out-of-date,
incomplete, or had other problems. Most such information didn't
particularly discuss Linux at all, even though it was becoming widely
used! That leads up to the answer: I developed this book in the hope
that future software developers won't repeat past mistakes, resulting
in more secure systems.
>>Read the HowTo
Secure Programming
Chrooting daemons and system processes HOW-TO
This HowTo does not really explain how to write secure
programs, but you will often be in a position where you need to
run a program whose code quality and maturity you cannot judge.
Chrooting daemons is a practical method of adding an
additional layer of security to your system. But keep in mind that
there are ways to break out of a chroot jail.
>>Read the Paper
Exploiting Security Holes
A Buffer Overflow Study - Attacks & Defenses
In order to really understand the problems that arise from not
taking security into account when writing programs, I think it is
most instructive to write an exploit yourself. This also gives you
a feeling for how much effort an expert has to put into writing an
exploit, which is often less than an hour from bug discovery to
having a running exploit.
In their paper "A Buffer Overflow Study - Attacks & Defenses"
Pierre-Alain Fayolle and Vincent Glaume describe in detail the
different methods on which the exploitation of security vulnerabilities
relies. In particular the article explains what stack overflows and
heap overflows are, and how they are exploited.
>>Read the Paper
Exploiting Security Holes
Other Links to Buffer Overflow Exploit Demonstrations
Here is a small collection of other links to papers that treat the
subject of exploiting buffer overflows. When you search for the titles
of these papers in Google you will find more exhaustive lists of
papers related to exploit writing.
>>How to write Buffer Overflows
>>BUFFER OVERFLOWS DEMYSTIFIED
>>DESIGNING SHELLCODE DEMYSTIFIED
>>Writing Buffer Overflow Exploits - a Tutorial for Beginners
>>Stack Smashing Vulnerabilities In The Unix Operating System
>>A more exhaustive list
Exploiting Security Holes
Windows Buffer Overflow Exploits
Here you will find information on how to do buffer overflow
exploits on MS Windows systems.
>>How to write Buffer Overflows
Exploiting Security Holes
UNIX Assembly Codes Development for Vulnerabilities Illustration Purposes
Certain problems like "Short code length", "Position
independence", "Zero-free code", etc. always have to be solved in order
to successfully write an exploit. This paper discusses how to solve
these common problems for different processor architectures and
operating systems. The appendix consists of a code-snippet library
to be used in custom exploits.
>>Read the Paper
Exploiting Security Holes
UNIX ELF PARASITES AND VIRUS
This paper documents the algorithms and implementation of UNIX
parasite and virus code using ELF objects.
>>Read the Paper
Network Attack
What you don't know will hurt you.
Once the shellcode is stored in a string, an attacker still has to
gather information about the target host. The author describes the
contents of this paper as follows:
The first stage to a successful network attack is the information
gathering stage. The attacker will collect as much information as
possible on the target host in order to generate a vulnerability
list. Relevant to this list will be OS type, OS version,
services, service daemon versions, network topology*, network
equipment, firewalls, intrusion detection sensors etc. The
purpose of this document is to outline two models of information
gathering. The first model is "noisy", where the attacker uses
all known resources with little regard for what footprints* might
be left on the target. The second is "stealthy", wherein the
attacker uses methods and packages designed to subvert logging
facilities on the target. This approach minimizes administrator
awareness and accountability. I will examine a few systems,
ranging from Solaris 2.x Sparc systems to Linux/i386
architectures. I will then discuss how we can harden a system to
minimize information leakage.
>>Read the Paper
Documentation
Tool Interface Standard (TIS) Executable and Linking Format (ELF) Specification
On this page from the Linux Standard Base you can
find the ELF (Linux executable format) specification.
>>Read the Paper
Documentation
Microsoft Portable Executable and Common Object File Format (PECOFF)
On this page you can find the PECOFF (Windows executable format)
specification.
>>Read the Paper
Documentation
Quite extensive list of security papers and articles
On this page you can find a quite extensive list of security related papers and articles.
>>Read more
Tools
The HLA (High Level Assembly) language
You don't want to go down to the x86 assembly language level,
really! But sometimes you do not have a choice. This tool makes
x86 assembly programming as painless as possible. Here is
what the author of the tool says:
Some people seem to be confused by the phrase "High Level
Assembler." They seem to think that if you learn assembly language
programming with HLA you're not really learning "real assembly
language." Nothing could be farther from the truth. HLA is "real"
assembly language, just made easier for beginners so they can
learn the language faster than ever before!
>>Get the Tool
Tools
Exploit Kit
This is the result of my personal experiments with buffer overflows.
It is a C executable that creates an attack string nearly fully
automatically, and an example vulnerable program to demonstrate its
use. In the C file you will find detailed step-by-step
instructions on how to use it. You will probably want to read some
of the background information given in the papers mentioned above
in order to understand what is going on.
>>exploit-1.c >>vulnerable.c