Skip to content
/ CMSC330 Public

My course notes for CMSC 330 (Organization of Programming Languages)

9 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

PranavRudra/CMSC330

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

88 Commits
ADTs.md
ADTs.md
 
 
Automata.md
Automata.md
 
 
GC.md
GC.md
 
 
Lambdas.md
Lambdas.md
 
 
OCaml.md
OCaml.md
 
 
Parsing.md
Parsing.md
 
 
Ruby.md
Ruby.md
 
 
Rust.md
Rust.md
 
 
Security.md
Security.md
 
 

Repository files navigation

Security

Buffer Overflow

  • writing data beyond the bounds of the buffer
  • this extra data can overwrite the instruction pointer of the stack frame
  • when caller returns, instruction pointer can point to buffer itself, which may contain malicious code that is executed

CLI Injection

  if ARGV.length < 1 then
    exit 1
  end
  
  system("cat" + ARGV[0])   # this can execute malicious code (e.g. ruby file.rb "hello.txt; rm hello.txt")
                            # system will then execute the commands cat hello.txt AND rm hello.txt
                            # happens because the string "hello.txt; rm hello.txt" is treated as ARGV[0]
  
  exit 0

SQL Injection

  result = db.execute "SELECT * FROM Users WHERE Name='#{user}' AND Password='#{pass}' 
  
  # suppose we pass in user=frank' OR 1=1; --, pass=whocares
  # query that is executed is SELECT * FROM Users WHERE Name='frank' OR 1=1; -- AND Password='whocares'
  # the password part is completely commented out and all users are retrieved since OR 1=1 is always true 
  # the big flaw that occurred that we failed to prevent was data being executed as code (we didn't ensure that data can't be code)

About

My course notes for CMSC 330 (Organization of Programming Languages)

Topics

ruby rust ocaml

Security policy

Security policy
Activity

Stars

9 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages