
Format string attacks have occurred in the wild. [0]

> Originally thought harmless, format string exploits can be used to crash a program or to execute harmful code.

They are not the same as puts. Puts can allow you to potentially read memory.

A format string attack can allow you to write to memory.

[0] https://en.wikipedia.org/wiki/Uncontrolled_format_string




Yes, if the attacker has control of the string (like if you do printf(getenv("FOO")) or something equally stupid).


So an attacker able to write to memory would be able to elevate into the ability to... write to memory. That doesn't sound particularly worrisome.


In a lot of cases the attacker can only write to a limited range of memory addresses. If that string happens to fall in that range, they can use it to write to other addresses and/or find out where in memory certain things are stored.

So their ability to write to a limited range of addresses can be extended to a larger range.


If the attacker can write to string memory, they can overwrite "%s\n\0Hello World" just as easily as "Hello World\n".
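An added example, not part of any comment in this thread: the printf(getenv("FOO")) pattern mentioned above next to the fixed-format form, plus a small audit helper that reports whether a string would read arguments or write memory (%n) if it were used as a format. The function names, flag values and sample strings are assumptions constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

enum { FMT_READS = 1, FMT_WRITES = 2 };

/* Vulnerable pattern: untrusted text is used as the format itself. One int is
 * passed so this demo stays defined; a real printf(untrusted) would instead
 * consume whatever happens to be in registers or on the stack. */
static int render_as_format(char *out, size_t n, const char *untrusted, int arg) {
    return snprintf(out, n, untrusted, arg);
}

/* Hardened pattern: fixed format, untrusted text is only ever data. */
static int render_as_data(char *out, size_t n, const char *untrusted) {
    return snprintf(out, n, "%s", untrusted);
}

/* Audit helper: scan a string without formatting it. Returns a bitmask of
 * FMT_READS (a conversion that consumes an argument) and FMT_WRITES (%n). */
static int classify_format(const char *s) {
    int flags = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        s++;
        if (*s == '%') continue;                     /* "%%" is a literal percent */
        s += strspn(s, "0123456789$#-+ '*.hlqjztL"); /* flags, width, length */
        if (*s == '\0') break;                       /* dangling '%' at the end */
        flags |= (*s == 'n') ? FMT_WRITES : FMT_READS;
    }
    return flags;
}

int main(void) {
    /* Constructed sample inputs standing in for attacker-controlled text. */
    const char *samples[] = { "Hello World\n", "%d", "%08x.%n" };
    char buf[64];
    for (size_t i = 0; i < 3; i++) {
        render_as_data(buf, sizeof buf, samples[i]);
        printf("flags=%d data=[%s]\n", classify_format(samples[i]), buf);
    }
    render_as_format(buf, sizeof buf, "%d", 1234);
    printf("as format: [%s]\n", buf);
    return 0;
}
```

The classifier only inspects the string, so the %n sample is never passed to a printf-family function.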



