Secure Programming / Defensive Programming
Secure programming (Secure Programming) is also called secure coding or defensive programming (Defensive Programming).
A programming technique for removing vulnerabilities from a system or application in advance, in order to prevent information leaks, takeovers, unexpected system crashes, and the like. In other words, writing defensive programs that are prepared for attacks by hackers and other malicious parties.
For example, checking arguments at the boundary with the outside world.
Contract Programming (Contract Programming)
Main vulnerabilities and countermeasures
Exploit
A script or program written to carry out a malicious act by using a vulnerability in computer-related software or hardware.
- Exploit - Wikipedia
- Buffer overrun - Wikipedia (has topics related to exploits)
Buffer Overflow Attack
The stack region stores the return address from a subroutine, the address that is to be restored into the program counter; a buffer overrun overwrites this return address with the overflowing data. By injecting malicious code and overwriting the subroutine's return address, arbitrary code can be executed (an exploit).
Return-to-libc Attack
The attacker carries out the attack without injecting any malicious code into the program, simply by calling functions that already exist.
Return-to-libc attack - Wikipedia
In C, gets must not be used
C does not check array bounds, so this possibility exists. The following cause buffer overruns because the input size is not checked.
- gets and fgets
- scanf and sscanf, fscanf
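As an added example (not code from the original page), the unbounded gets/scanf pattern from the list above next to bounded fgets and width-limited fscanf replacements; the 16-byte buffer and the sample inputs are constructed, and fmemopen() is used only to feed strings in place of a terminal.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen(), used only to feed sample input */
#include <stdio.h>
#include <string.h>

/* Constructed example: a 16-byte buffer, the setting of the gets() note above. */
#define LINE_MAX_LEN 16
static char g_line[LINE_MAX_LEN];

/* Vulnerable pattern, kept as a comment (gets() was removed in C11):
 *     char buf[LINE_MAX_LEN];
 *     gets(buf);          // no size argument: a 20-char line writes 5 bytes past buf
 *     scanf("%s", buf);   // same defect: no field width
 */
/* Replacement for gets(): fgets() is told the buffer size and writes at most n-1
 * bytes plus the terminator. Returns 1 for a complete line, 0 on EOF/error, -1 if
 * the line was longer than the buffer (the excess is drained, not left for later). */
int read_line_bounded(char *buf, size_t n, FILE *in)
{
    int c, truncated = 0;
    if (n == 0 || fgets(buf, (int)n, in) == NULL) return 0;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 1;
    }
    /* No newline in buf: drain to end of line to tell truncation from EOF. */
    while ((c = fgetc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated ? -1 : 1;
}

/* Replacement for scanf("%s"): a field width of n-1 bounds the write. */
int read_word_bounded(char *buf, size_t n, FILE *in)
{
    char fmt[16];
    if (n < 2) return 0;
    snprintf(fmt, sizeof fmt, "%%%zus", n - 1);   /* builds e.g. "%15s" */
    return fscanf(in, fmt, buf) == 1;
}

/* Reads an in-memory string into g_line so the functions run without a terminal;
 * as_word selects read_word_bounded() instead of read_line_bounded(). */
int read_from_text(const char *text, int as_word)
{
    FILE *in = fmemopen((void *)text, strlen(text), "r");
    if (in == NULL) return 0;
    int rc = as_word ? read_word_bounded(g_line, sizeof g_line, in)
                     : read_line_bounded(g_line, sizeof g_line, in);
    fclose(in);
    return rc;
}
const char *last_read(void) { return g_line; }
```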
SQL Injection
SQL injection (English: SQL Injection) is an attack technique that deliberately exploits a security flaw in an application to make it execute SQL statements the application did not anticipate, thereby manipulating the database system without authorization. The term also refers to the vulnerability that makes this attack possible.
Secure Programming Topics
Difference between contract programming and defensive programming
Contract programming is declarative; defensive programming is procedural.