Question

The least-privilege principle can be used to effectively defend against the race condition attacks discussed in this chapter. Can we use the same principle to defeat buffer-overflow attacks? Why or why not? Namely, before executing the vulnerable function, we disable the root privilege; after the vulnerable function returns, we enable the privilege back.

Answer 1

Answer and Explanation:

I felt that we cannot actually overcome buffer-overflow attacks because it will really reduced the effect of the buffer-overflow and If we are to apply the least-privilege principle, that actually means that we do not have the root privilege when executing vulnerable function,which will make us not to get the root shell when attacking successfully and may lead to getting a normal shell meaning what we can attack will be limited.

Even though we lose the privilege when executing the vulnerable function, and thus cannot get the root privilege when winning the attack, it can still do harm to the victim. Therefore when we write a bad file which consists of a extremely large quantity of meaningless and un- useful codes, into a buffer, it may make the stack full of meaningless and less important codes, leading to overwriting some area where important data is store. Although the buffer-overflow still succeeds, but we do not need root privilege when finishing the above steps which is why even if we use the principle, we still cannot defeat all conditions of buffer-overflow attacks.