bound checking
When manipulating buffers, it consists in verifying that the involved buffer sizes are compliant with the operation.
brute forcing
It is the process of trying various possibilities until one matches. bound violation
What happens when too much data is copied into a destination buffer and overflows it.
.bss
Memory area where the uninitialized global or static data are stored. buffer
Array of datas (usually characters) chpax
Tool related to PaX to enable or disable this patch feature. daemons
Small processes running indefinitely in background.They spend most of their time waiting for an event or period when they will perform some task.
.data
Memory area where the initialized global or initialized static data are stored.
deb
File extension for Debian packages.
dlmalloc Doug Lea Malloc Library
Malloc Library used by the GNU libc.
DoS Denial of Service
Also known as Nuke attack, it aims at smashing a machine by forcing it to use all its resource in a distorted way.
EBP
Under the intel x86 family of microprocessor it is the mnemonic of the frame pointer. %ebp
See also EBP. It is the way to write ebp with AT&T syntax.
EIP
Under the intel x86 family of microprocessor it is the mnemonic of the Instruction Pointer, e.g the pointer to the next instruction.
ESP
Under the intel x86 family of microprocessor it is the mnemonic of the stack pointer.
%esp
See also ESP. It is the way to write esp with AT&T syntax EUID
The effective uid, e.g the uid of the user executing a process. frame
It consists of the arguments and stack area for the local variables.
FIFO First In, First Out
Property of a list of elements, when the first added is the first removed.
frame pointer
This is the pointer to the current frame.
function pointer
A variable that contains the address of a function.
gcc
The GNU C compiler.
gdb
The GNU debugger.
GOT Global Offset Table
Indirection table which allows, in a program, to find the global and shared objects location in memory.
Grsecurity
Linux Kernel patch offering a large set of security enhancements.
heap
Portion of memory organized randomly or as a stack and used for dynamic memory allocation.
ICMP Internet Control Message Protocol
Protocol allowing IP devices to exchange information, mainly when problems occurs.
IDMEF Intrusion Detection Message Exchange Format
Format definition for alert messages which are generated by an IDS.
LD_LIBRARY_PATH
Path where the dynamic libraries must be searched.
LDJPRELOAD
Environment variable which designs a library loaded prior to the libc.
libc
Standard C library.
LibSafe
A shared library that overwrites some unsafe function of the libC. LIFO
Last In First Out; the last data that was stored in the LIFO structure will be the first one to go out the structure.
NIDS Network Intrusion Detection System
System analyzing the packets flowing through a network, to detect any anormal activity and any attempt to compromise the security of the network.
NOP
Machine langage instruction that does nothing.
opcode
Machine langage instruction.
OpenWall
Security-oriented Kernel patch for Linux, providing non-executable stack, restrictions in /tmp and /proc...
PaX
Linux Kernel patch providing non-executable stack and heap.
payload
The malicious code.
Prelude
An hybrid Intrusion Detection System. Prelude-lml
Prelude component managing among others syslog messages. process
Or processus, it is the image of a running program plus its environment.
PTE Page Table Entry
A page table entry specifies the physical address and the permissions of a page. return-into-libc
Kind of attack consisting in overwriting the next instruction address with the address of another function already loaded in memory.
rpm
File extension for Red Hat packages, also used by Mandrake.
segmentation fault
An error in which a running program attempts to access memory not allocated to it.
shellcode
Contains a serie of opcodes which final goal will be to launch a shell.
SIGSEGV
Signal indicating an invalid memory reference.
stack
LIFO stacks are a way of storing temporarely informations. They are used for mathematical expressions evaluation, recursive subroutine calling, passing arguments and information during a function call on high level langage.
Stackguard
A layer over the gcc compiler that does some extra verification and checks the return address.
StackShield
Another layer over the gcc compiler that does some extra verification and checks the return address.
stack pointer
This is the pointer to the top of the stack.
SUID
The uid used durng the execution of a process. syslog
Unix logging system, based on the syslogd daemon, with log messages classified by facility and level.
.text
Memory area where the code is stored.
TLB Translation Lookaside Buffer
The translation lookaside buffer is a table containing cross-references between virtual and real addresses of memory pages.
trampoline
Mechanism allowing to know the real address of a nested function at runtime.
UDP User Datagram Protocol
Layer 4, unconnected, protocol.
UID
The uid of a process identifies the user who executes the process.
Virtual Pointer
A pointer to the VTable.
VPTR
See Virtual Pointer.
VTable
An array that points to the body of each virtual functions in a c++ class.
word
Usually a word is the width of the bus. For the pentium family it is 32 bits for example. worm
Slang terminology for automated intrusion agent.
x86
Used when speaking of the set of microprocessor from intel: 8086, 80186, 80286, ... , Pentium.
No comments:
Post a Comment