A Study on the Effect of Format String on Secure Programming in C Language


The KIPS Transactions:PartC, Vol. 8, No. 6, pp. 693-702, Dec. 2001
DOI: 10.3745/KIPSTC.2001.8.6.693

Abstract

One of the major characteristics of the C language is that it allows pointer-type variables to access any area of the virtual address space. We can therefore read, write, and execute virtual memory areas that are not finely controlled by the operating system. Such memory areas can be accessed by using a format string, which makes this a vulnerability of the C language from the standpoint of secure programming. In this paper, we analyze in detail the process of a security attack based on format strings, then demonstrate a new virus-style attack that is stepwise and durable, with some actual scenarios, to warn of its severity, and explore some preliminary response measures.



Cite this article
[IEEE Style]
H. B. Lee, H. J. Tcha, H. J. Choi, "A Study on the Effect of Format String on Secure Programming in C Language," The KIPS Transactions:PartC, vol. 8, no. 6, pp. 693-702, 2001. DOI: 10.3745/KIPSTC.2001.8.6.693.

[ACM Style]
Hyung Bong Lee, Hong Jun Tcha, and Hyung Jin Choi. 2001. A Study on the Effect of Format String on Secure Programming in C Language. The KIPS Transactions:PartC, 8, 6, (2001), 693-702. DOI: 10.3745/KIPSTC.2001.8.6.693.