Security Warrior

Errata for Security Warrior

Submit your own errata for this product.

The errata list is a list of errors and their corrections that were found after the product was released.

The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.

Color Key: Serious Technical Mistake Minor Technical Mistake Language or formatting error Typo Question Note Update

Version Location Description Submitted By Date Submitted
Printed Page 24
2.3.1. Example 1: A Sample Crackme

When I go to, I dont find Crack me program to download as per the instruction. pg 35 symbol table has B Uninitialized data (.bss) however, the printed example of output shows 0804a06c A __bss_start it would seem that Uninitialized data is signified by A rather than B

Printed Page 162
Second to last paragraph

The last paragraph of section 5.1.1 reads as follows: "Like several other C++ functions, strcpy( ) is inherently weak, in that it will write the extra characters past the variable end. This usually results in a program crash. In this particular case, the crash was an error in reading past the end of the statically allocated string. In a worst-case scenario, such an overflow might allow you to execute arbitrary code on the target system, as discussed later in this chapter." The last sentence is correct. The rest ranges between minor and major technical inaccuracies. First, the minor inaccuracy. strcpy() is a C function. Learn the difference between C and C++, don't just blurt C++ because you think it's a superset of C (it's not; not all C code compiles to C++). Consider as well that pointing out C functions, even in C++ code bodies, allows the reader to know that the C language is affected; obviously a template can only impact C++, but strcpy() impacts C and C++. Next, the major one. The error here was NOT an error in reading past the end of a statically allocated string. Think what little sense that makes anyway; you could write to it, why not read? More importantly, wouldn't whatever caught the read also have caught the write, and thus the overflow? Knowledge of the stack and x86 C and C++ compilers should tell you that the buffer is in the stack frame anyway, and the whole stack is read/write. Again, you didn't write past the end of the stack, as that would take a lot of data and also would trigger a write error. The reason memory could not be "read" is that read implies execute on x86. What happened here, as you may notice because the instruction apparently referenced its own address, is that the area of memory returned to was not mapped. The overflow overwrote the return address on the stack; upon RET, the program happily jumped elsewhere-- in this case, into nothing.

Printed Page 246
bottom(explanation of MAC times)

ctime records when the properties of a file was changed. mtime records when a file was changed. For example, if you change a permission of a file, ctime changes. pg 261 "RIX" should be "AIX" pg 273 "" would more appropriately be "" pg 274 "X Windows does function..." should be "does not function..."

Printed Page 274
The middle of the page

Both "To locate all SUID binaries, ..." and "This produces a list of all SUID ..." say same thing.

Printed Page 277
The center of the page

As long as ~/.ssh2(or ~/.ssh) directory is owned by a user, the user can remove the file "authorization"(or "authorized_keys"). So although the user can not modify the file, he can remove the file and create a new file with the same name. It doesn't work for a skilled user.

Printed Page 279
Last line of "FTP"

/etc/ftpusers is used for listing users who are "not" allowed logins via FTP.

Printed Page 295
item 5

There is a space between directory name and file name in "~/.ssh/ authorized_keys". Delete the space. pg 319 "top 10" lists both say 2002 (first one listed should be 2003?) pg 377 "the part of the application visitble to the user..." should be "application visible to..." pg 382 "but how does we..." should be "how do we..." pg 416 "" should be "sourceforge" pg 453 "RFC 918" should be "RFC 1918" pg 467 "Linux iptables, ipchains, FreeBSD, NetBSD, or ipf or OpenBSD's new pf code" Should be something more like: "iptables or ipchains on Linux, and ipfw, ipf, or the new pf on FreeBSD, NetBSD, and OpenBSD (each *BSD has at least one of the above)"