Exceptions by hedongchenchen

VIEWS: 3 PAGES: 20

									CSE Four Fiddy One –
   Section 7

Project 2 hints
VM (process memory, buffer
overrun attacks)
                             1
     Webserver w/user threads
   Use pthreads for Web server-related parts
    (parts 4 and 6)
   We won’t test sioux with user threads




                                                2
Project 2 – questions?




                         3
   Virtual Memory (quick recap)
Process’ VM:      Physical memory


                     Another
                     process




                      Disk


                        (Inspired from wikipedia)   4
   Virtual Memory (quick recap)
                Process’
Process’ VM:                  Physical memory
               Page table


                                 Another
                                 process

               page frame #




                                  Disk


                                                5
       Virtual Memory (quick recap)
                    Process’
    Process’ VM:                  Physical memory
                   Page table


                                     Another
                                     process

                   page frame #




                                      Disk

   How can we use paging to set up sharing of
    memory between two processes?                   6
        Process Memory Organization
                                                  0x00000000
                               Code
       TEXT
                      Initialized/uninitialized      static int a = 3;
                      global/static variables
       DATA                    Heap                   char* buff = (char*)malloc(…)




       STACK              Program stack               What goes here?
                                                  0xBFFFFFFF
   In figure, stack grows downwards, but it’s not necessary
   How can you determine the direction in which stack grows?
   What is in the address range 0xC0000000 to 0xFFFFFFFF?                        7
     Page Replacement Algorithms
   What you are NOT doing this quarter:
   Project 3 - Your job: Replacement Algorithms
       Given:
            random
       You need to write:
            FIFO
            LRU Clock
            One of your choice
                  A few possibilities:
                       True LRU (e.g. via storing full timestamp)

                       Variations on LRU Clock (enhanced second-chance, etc)

                       LFU/MFU

                       Your own!

       You can write more than 3 if your experiment focuses on
        replacement algorithms.
   So we are going to go over some of these instead.

                                                                                8
         Page Replacement Algorithms
   FIFO (First in/first out)
        Replace the oldest page with the one being paged in
        Not very good in practice, suffers from Belady’s Anomaly
   Second-Chance (Modified FIFO)
        FIFO, but skip referenced pages
        VAX/VMS used this
   Random
        Duh
        Better than FIFO!
   NFU (Not Frequently Used)
        Replace the page used the least number of times
        Better variation: Aging ensures that pages that have not been used for a while go away.
   NRU (Not Recently Used)
        Replace a page not used since last clock cycle
   LRU (Least Recently Used)
        Replace the least recently used page
        Works well but expensive to implement. (More efficient variants include LRU-K)
   LRU Clock (Modified LRU)
        Replace the least recently used page, with a hard limit on the max time since used
   Clairvoyant
        Replace the page that’s going to be needed farthest in the future.


                                                                                                   9
  Example of Belady’s Anomaly
Page Requests
 321032432104




                                10
  Example (Page Faults in Red)
3 frames        3 2 1 0 3 2 4 3 2 1 0 4


                3 3 3 0 0 0 4 4 4 4 4 4
Frame 1

                 2 2 2 3 3 3 3 3 1 1 1
Frame 2

                    1 1 1 2 2 2 2 2 0 0
Frame 3


                9 Page Faults
                                     11
     Example (Page Faults in Red)
   4 frames
                  3 2 1 0 3 2 4 3 2 1 0 4
   Frame 1
                  3 3 3 3 3 3 4 4 4 4 0 0
   Frame 2         2 2 2 2 2 2 3 3 3 3 4

   Frame 3            1 1 1 1 1 1 2 2 2 2

   Frame 4               0 0 0 0 0 0 1 1 1

                   10 Page Faults
                                         12
Stack Overflow Attacks




                         13
         Example
       What does the process’ memory look like for the
        following code:
        void foo(int a, int b, int c) {
           char buffer1[5];
           char buffer2[10];
                                    We’re here w/ execution
        }
        void main() {
                                                Code
           foo(1,2,3);                     Global variables
                                                               Heap
        }

                                                              Program
                                                                stack
Example taken from “Smashing The Stack For Fun And Profit ”             14
How would you smash the stack?


   3 words   buffer2

   2 words   buffer1
   1 word     SFP
   1 word     RET
   1 word      a
   1 word      b
   1 word
               c          Bottom of stack
              Word size   (0xBFFFFFFF)
                                            15
                (4B)
         Buffer overflows
       What’s the bug?
        void foo(char* str) {
           char buffer[5];
           strcpy(buffer, str);
        }
        void main() {
           char large_string[256];
           …
           foo(large_string);
        }

Example taken from “Smashing The Stack For Fun And Profit ”   16
  The stack contents
                                   Small
                                   addr
void foo(char* str) {
   char buffer[5];
   strcpy(buffer, str);
}
void main(int argc,       buffer
          char* argv[])
{                         SFP
   …                      RET
   foo(argv[1]);          *str
}                                  Large
                                   addr
                                     17
  The stack contents
                                     Small
void foo(char* str) {                addr
   char buffer[5];
   strcpy(buffer, str);
}
void main(int argc,
          char* argv[]) {   buffer
   foo(argv[1]);
}                           SFP
                            RET
• What cmd-line argument
should attacker provide?    *str
                                     Large
          - Length?                  addr
          - Contents?                  18
         Shell code
   Program to bring up a shell:
#include <stdio.h>
void main() {
    char *name[2];
    name[0] = "/bin/sh";
    name[1] = NULL;
    execve(name[0], name, NULL);
}
   If you de-assemble, you get:
    "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
    "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd”
    "\x80\xe8\xdc\xff\xff\xff/bin/sh";


                                                                     19
       More information
   Smashing The Stack For Fun And Profit, Aleph
    One:

    http://www.cs.washington.edu/education/cour
    ses/cse599g/CurrentQtr/stack.txt




                                              20

								
To top