Sunday, August 26, 2012

Smashing the non-executable stack for fun and profit

In 1996, Elias Levy ("Aleph One") published "Smashing The Stack For Fun And Profit" in Phrack magazine. The article showed how to overflow a buffer to launch a shell.

I’m almost ashamed I never took a closer look for over a decade. My background would suggest I’d be one of the early adopters. As a kid, I loved messing with assembly language and poking around the system. I collected computer viruses. I bypassed copy protection systems. I knew how to make free phone calls. In grad school, my advisor and my colleagues taught a computer security class, where rooting a system by smashing the stack was a homework assignment.

With pride, and relief, I can now announce that at long last, in 2012, I have exploited a buffer overflow. Moreover, I have written a truly marvelous step-by-step guide to this, which this post is too narrow to contain. (I’m afraid of overflowing it.) I took notes because I encountered difficulties with other tutorials:

  • 32-bit systems are often assumed. My system is 64-bit.

  • Various countermeasures are now enabled on stock installs.

  • I wanted to try a newer variant of the attack known as return-oriented programming, which defeats one of the countermeasures.

Luckily my website has ample room. Read now, and get a bonus shell script that demonstrates the attack!

Wednesday, August 8, 2012

Isn't Algebra Necessary?

A recent New York Times article ponders if we should downgrade mathematics taught to high school and college students, and in particular, cut basic algebra.

Seriously? A horizontal line may represent an unknown word in those fill-in-the-blank primary school comprehension tests ("The dog’s name is __."), but a letter should never represent an unknown number lest it cause undue mental stress?

Among my first thoughts was that the article was a professional troll posting. After all, The New York Times is sadly going through a rough patch, and I sympathize if they must occasionally stoop lower to catch some extra cash. (If it is a troll posting, hats off! You got me.)

But the truth is probably mundane; it seems the author genuinely believes that algebra should be dropped.

On the one hand, this benefits me. If the article is taken seriously, and algebra is withheld from the masses, then those of us who know it possess formidable advantages. (The conspiracy theorist in me wonders if the author actually finds elementary algebra, well, elementary, and the true intent is to get ahead by encouraging everyone else to dumb down.)

On the other hand, the piece smacks of ignorance-is-strength propaganda, and thus is worth smacking down.


The article suggests that, instead of algebra, classes should perhaps focus on how the Consumer Price Index is computed. I agree studying this is important: for example, I feel more attention should be drawn to the 1996 recommendations of the Boskin commission. If the Fed did indeed repeat the mistakes of the 1970s, then I should bump up the official US inflation rate when analyzing my finances. However, this stuff belongs to disciplines outside mathematics.

More importantly, what use is the CPI without algebra? Take a simple example: say I owe you $1000, and the inflation rate is 5%. If all you care about is keeping up with inflation, is it fair if I pay you back $120 annually for 10 years? If not, what is the right amount?

Without algebra, you might be able to figure that $1000 today is the same as 1000×(1.05)^10 = $1628.89 in 10 years. But how are you going to figure out that the yearly payment should be 0.05×1628.9/(1.05^10 − 1)? The easiest way to arrive here is to temporarily treat 1.05 as an abstract symbol. In other words, elementary algebra. One does need to play this ballgame for personal finance after all.

You might counter that an amortized loan calculator can work out the answer for you; there’s no need to understand how it works, right?

Ignorance begets fraud

In the above calculation, do I make my first payment today, or a year from now? Don’t worry, I’ll figure it out for you. Or perhaps I’ll claim you’re using the wrong mode on the calculator and helpfully retrieve the "right" formula for you.
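To make the timing question concrete, here is an added Python example (my own illustration, not part of the original post). It does the loan-versus-inflation arithmetic the way the algebra suggests, treating the growth factor q = 1 + rate as a symbol and summing the geometric series, and it works out the fair payment both when the first payment is due in a year and when it is due today. It assumes yearly compounding, equal payments, and a lender who only wants to keep up with inflation; the function names are my own.

```python
"""Added example (not from the original post): the $1000 loan at 5% inflation,
repaid over 10 years, worked out with q = 1 + rate treated as a symbol.

Assumed model (stated here, not in the post): yearly compounding, n equal
payments, and the lender only wants to keep up with inflation."""


def inflated_value(principal, rate, years):
    """Amount that `principal` today must grow to after `years` to keep pace
    with inflation at `rate` per year: principal * q**n with q = 1 + rate."""
    return principal * (1 + rate) ** years


def payment_future_value(payment, rate, years, due=False):
    """Worth of `years` equal payments, each carried forward to the end of the
    term at `rate`.

    With q = 1 + rate, payments made at the end of years 1..n are worth
    payment * (q**(n-1) + q**(n-2) + ... + 1) = payment * (q**n - 1)/(q - 1)
    at the end (geometric series). If the first payment is made today
    (`due=True`), every payment earns one extra year of growth, so the whole
    sum is multiplied by q."""
    q = 1 + rate
    total = payment * (q ** years - 1) / (q - 1)
    return total * q if due else total


def payment_future_value_stepwise(payment, rate, years, due=False):
    """Same quantity computed year by year, with no algebra at all; used to
    check that the closed-form geometric-series result is right."""
    balance = 0.0
    for _ in range(years):
        if due:
            balance += payment        # pay at the start of the year
        balance *= 1 + rate           # then a year of inflation
        if not due:
            balance += payment        # pay at the end of the year
    return balance


def annuity_payment(principal, rate, years, due=False):
    """Yearly payment that exactly repays `principal` in inflation-adjusted
    terms: solve payment * (q**n - 1)/(q - 1) [* q] = principal * q**n for
    payment. With q = 1.05 this is the post's 0.05 * 1628.9 / (1.05**10 - 1)."""
    q = 1 + rate
    payment = principal * q ** years * (q - 1) / (q ** years - 1)
    return payment / q if due else payment


def is_fair_to_lender(principal, rate, years, payment, due=False):
    """True when the payment stream is worth at least the inflated principal."""
    return payment_future_value(payment, rate, years, due) >= inflated_value(
        principal, rate, years
    )


if __name__ == "__main__":
    principal, rate, years = 1000.0, 0.05, 10
    print(f"$1000 today = ${inflated_value(principal, rate, years):.2f} in {years} years")
    for due in (False, True):
        when = "first payment today" if due else "first payment in a year"
        fair = annuity_payment(principal, rate, years, due)
        verdict = "fair" if is_fair_to_lender(principal, rate, years, 120, due) else "not fair"
        print(f"{when}: fair payment = ${fair:.2f}/year; $120/year is {verdict} to the lender")
```

Running it shows that $120 a year falls short under either convention, and that the two conventions differ by a factor of exactly q, which is the sort of thing you only notice once 1.05 has become a symbol.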

Maybe you’d avoid these shenanigans by entrusting an accountant to oversee deals like this. Okay, but what if it’s not a loan? Say you’re making a policy recommendation and I’m a disingenuous lobbyist: can you tell if I’m fudging my figures?

I heard a story about Reagan’s SDI program. Scientists estimated a space laser required 10^20 units of energy, and current technology could generate 10^10 units. They got funding by saying they were halfway there.

I hope this tale is apocryphal. Nevertheless, one can gouge the mathematically challenged just as unscrupulous salesmen rip off unwitting buyers. Unfortunately, with finance and government policy, damage caused by bad decisions can be far worse and longer lasting.

Fermat’s Last … Dilemma?

One bright spot in the article was the mention of "the history and philosophy of [mathematics], as well as its applications in early cultures". While not required to solve problems, knowing the background to famous discoveries makes a subject more fun.

It is inspiring that within a few short school years we enjoy the fruits of thousands of years of labour. Perhaps a student struggling with negative numbers would feel better knowing that it took many generations for them to be socially acceptable. For instance, the Babylonians were forced to divide the quadratic equation into different cases because they rejected negative numbers on philosophical grounds.

But at the same time, we see a mention of "Fermat’s dilemma", which charitably is a creative renaming of "Fermat’s Last Theorem" (though more likely there was some confusion with the "Prisoner’s Dilemma" from game theory). The author chose this example poorly, because the history of Fermat’s Last Theorem actually bolsters the case for algebra. It shows how a little notation goes a long way.

For Fermat did not use symbolic algebra to state his famous conjecture. Instead, he wrote:

Cubum autem in duos cubos, aut quadrato-quadratum in duos quadrato-quadratos, et generaliter nullam in infinitum ultra quadratum potestatem in duos eiusdem nominis fas est dividere cuius rei demonstrationem mirabilem sane detexi. Hanc marginis exiguitas non caperet.

(If it took him that many words to state the theorem, no wonder he had no space for a proof!)

We have it easy today. Mathematics would be considerably harder if you had to compute amortized loan payments with Latin sentences instead of algebra.

How could a writer fail to appreciate algebra? Strunk taught that "vigorous writing is concise." Which is more concise: the above, or "x^n + y^n = z^n has no positive integer solutions for n > 2"?

What should we learn?

Some time ago, I arrived at the opposite conclusion of the author, after reading confessions of professional academic ghostwriters. Algebra is fine; the courses that need reform are those far removed from mathematics.

According to "Ed Dante", who is hopefully exaggerating, you can pass such courses so long as you have Amazon, Google, Wikipedia, and a decent writing ability. You get the same results and save money by paying for an internet connection instead of university tuition.

I suppose I should also end on a positive note: I propose introducing ghostwriting courses, where the goal is to bluff your way through another course in the manner "Ed Dante" describes. The library would be off-limits, and you must not have previously studied the target subject. Perhaps the first 3 assignments can be admissions essays: one each for undergraduate, master’s and doctoral programs. Grading would be easy: if they fall for it, you get a good score.

With luck, universities would be forced to either beef up the victim degrees (perhaps by assessing students with something besides essays, or by teaching something that cannot be immediately learned from the web), or withdraw them. Additionally, the students would learn the importance of writing, and be harder to fool.

Sunday, August 5, 2012

Keeping up with yesterday

My to-do list has grown frighteningly large. Perhaps I'll be more motivated to tackle it by publicly announcing a few of its entries.

  • Apologies to those who sent me patches to my Git tutorial, or are awaiting email responses about the PBC library. I'll try to get around to them soon. And perhaps I'll even get back to working on the second edition of the printed version, which I originally planned to release 2 years ago!
  • I took notes on return-oriented programming on 64-bit Linux that I want to put up on my site somewhere. They've been almost ready for months.
  • Months ago, I also coded a logic puzzle solver that takes its input in a concise format. It's about ready for release.
  • In general, I want to rant and rave more over petty technical issues.

I'd better stop here, otherwise this list may also become too scary for me to look at.