Sunday, March 25, 2007
Cohen on Howard: Chapters 5 to 8
Chapters 5 to 8 cover buffer overruns, access control lists, least privileges, and basic cryptography errors.
Cohen's review of chapters 5 to 8 is lumped together into 3 paragraphs, ending with:
If you don't know why C leads to off-by-one errors that lead to storage errors that lead to programs doing bad things, these chapters are worth reading. If you like examples without all the facts to make the point, but lots of lines of code showing how to set access controls in Windows, this section of the book is for you. It is not for the same people that section 1 was for, but the audience shift should be obvious enough for most readers to ignore one part or the other appropriately. My summary note on these chapters says "Bad design + bad programmers => Bad code". I think that is telling.
While some of the code samples are definitely very Windows-specific (e.g., how to modify your execution token to restrict your operating permissions so as to restrict the value of exploiting your program), some of the samples and concepts are technology agnostic and very important.
Chapter 5, for example, focuses on buffer overruns and their ilk. These constantly feature on the SANS Institute's Annual Top 20 Security Attack Targets list.
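The off-by-one pattern the review refers to, as an added illustration (not code from Howard's book or from Cohen's review): a copy loop whose bound test uses <= instead of < spills past its buffer, and the fixed version reserves the terminator up front. All writes land inside an oversized, sentinel-filled arena so the spill can be measured without undefined behaviour; the function names and the 0xAA sentinel are constructed for this example.

```c
#include <stddef.h>
#include <string.h>

#define ARENA_SIZE 32   /* instrumented backing store, larger than the target buffer */
#define SENTINEL   0xAA /* fill byte used to detect writes past the target region */

/* Fill the arena with the sentinel so any write outside the intended
   region is visible afterwards (a software "canary" check). */
void arena_init(unsigned char *arena) {
    memset(arena, SENTINEL, ARENA_SIZE);
}

/* Count bytes beyond the first 'region' bytes that no longer hold the sentinel,
   i.e. bytes a copy clobbered outside its buffer. */
size_t count_clobbered(const unsigned char *arena, size_t region) {
    size_t n = 0;
    for (size_t i = region; i < ARENA_SIZE; i++)
        if (arena[i] != SENTINEL) n++;
    return n;
}

/* Buggy copy: the bound test uses <= instead of <, and the terminating NUL is
   written unchecked, so input that exactly fills 'dstsize' still spills one
   byte past the end and longer input spills two. */
size_t copy_off_by_one(char *dst, size_t dstsize, const char *src) {
    size_t i;
    for (i = 0; src[i] != '\0' && i <= dstsize; i++) /* BUG: allows i == dstsize */
        dst[i] = src[i];
    dst[i] = '\0';                                    /* may land at dst[dstsize] or later */
    return i + 1;                                     /* bytes written, NUL included */
}

/* Fixed copy: reserve one byte for the NUL, never write at or past
   dst[dstsize], and always leave a terminated (possibly truncated) string. */
size_t copy_bounded(char *dst, size_t dstsize, const char *src) {
    size_t i;
    if (dstsize == 0) return 0;
    for (i = 0; src[i] != '\0' && i < dstsize - 1; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return i + 1;
}

/* Run one copy routine into a 'region'-byte target at the front of a fresh
   arena and report how many bytes outside that target it clobbered. */
size_t clobbered_by(size_t (*copy)(char *, size_t, const char *),
                    size_t region, const char *src) {
    unsigned char arena[ARENA_SIZE];
    arena_init(arena);
    copy((char *)arena, region, src);
    return count_clobbered(arena, region);
}
```

An 8-byte target filled by an 8-character string is the exact case the <= bound gets wrong: the buggy routine writes its NUL one byte past the buffer, while the fixed routine truncates to seven characters and stays inside.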