[理工] 交大os

作者naoh810322 (uniqlong)

看板Grad-ProbAsk

標題[理工] 交大os

時間Thu Feb 6 22:11:28 2014

101交大 int main (int argc,char *argv[]) {char buffer[256] if(argc<2) return -1 else{ strcpy(buffer,argv[1]) return 0 }} (a)signature-base anti-virus software is able to detect mutated malware (b)signature-based anti-virus software is able to detect privacy stealing malware (c)cryptosystems are based on computation complexity (d)port scanning is a means for a cracker to detect a system's vulnerability to attack (e)the program is vulnerable to buffer-overflow attack 想問一下程式碼含義和各選項完全不知如何下手還有strcpy 和 102交大7strcopy及 strncpy之用法不好意思沒學過c 麻煩大家了！！感恩 -- Sent from my Android -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 101.12.255.192

推 tkurockman:strncpy 後面可帶一個int 指的是要copy的字數 strcpy 02/06 23:21

→ tkurockman:則是copy後面的字直到\0 到前面的pointer 02/06 23:21

→ kiki86151:關鍵字Buffer overflow attack好像恐龍14.15章安全那邊 02/07 00:00

→ kiki86151:其實原理超簡單…大概我修過資安吧 code根本複製貼上== 02/07 00:02

→ naoh810322:感謝樓上兩位～～ 02/07 07:41

→ naoh810322:ab好像都是錯的那signature based anti-virus software 02/07 07:43

→ naoh810322: 到底能偵測什麼 02/07 07:43

→ naoh810322:e是在間接說那個程式不安全的意思嗎？ 02/07 07:44

→ naoh810322:而e好像是對的 02/07 07:45

→ naoh810322:102交大7出了一樣程式要選出避免安全問題 02/07 07:49

→ naoh810322:答案好像是d,strcpy(buffer,argv[1],sizeof(buffer)+1) 02/07 07:50

→ naoh810322:幫解釋一下含義，感恩 02/07 07:51

→ naoh810322:上面是sizeof(buffer)-1打錯抱歉 02/07 07:52

→ kiki86151:signature是偵測已知行為入侵所以ab錯應該改anomaly 02/07 12:02

→ kiki86151:只要有異常會測到然e不安全沒錯要把strcpy換102那樣 02/07 12:04

→ kiki86151:其實防止buffer overflow不只一種還有幾種恐龍沒提多少 02/07 12:04

→ kiki86151:原理著墨多建議去看問扣含意沒怎用==因為一模一樣扣 02/07 12:06

→ kiki86151:資安教好幾種XD 改成strncpy是最簡單的懂原理比較重要 02/07 12:06

→ naoh810322:非常感謝回答 02/07 16:00

→ naoh810322:我看還是放棄好了～～ 02/07 16:00