Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Return-to-libc attack
open-in-new
<p>A "return-to-libc" attack is a <a href="/facts/Computer_security/7E5dIy7G">computer security</a> attack usually starting with a <a href="/facts/Buffer_overflow/uMFduL4B">buffer overflow</a> in which a subroutine <a href="/facts/Return_statement/lK7c71aa">return address</a> on a <a href="/facts/Call_stack/1sMt713v">call stack</a> is replaced by an address of a subroutine that is already present in the <a href="/facts/Process_(computing)/Vcq7EnUV">process</a> executable memory, bypassing the <a href="/facts/NX_bit/MnBB93BK">no-execute bit</a> feature (if present) and ridding the attacker of the need to <a href="/facts/Code_injection/6gPRDpd1">inject</a> their own code. The first example of this attack in the wild was contributed by <a href="/facts/Solar_Designer/0cL2DpVg">Alexander Peslyak</a> on the <a href="/facts/Bugtraq/70VYP3u7">Bugtraq</a> mailing list in 1997. </p><p>On <a href="/facts/POSIX/mQkSt234">POSIX</a>-compliant <a href="/facts/Operating_system/8XTuvMh2">operating systems</a> the <a href="/facts/C_standard_library/qdG1nW2c">C standard library</a> ("libc") is commonly used to provide a standard <a href="/facts/Runtime_environment/YmCuC4xP">runtime environment</a> for programs written in the <a href="/facts/C_programming_language/Ky2No763">C programming language</a>. Although the attacker could make the code return anywhere, libc is the most likely target, as it is almost always linked to the program, and it provides useful calls for an attacker (such as the <a href="/facts/C_process_control/jyvQdka8">system</a> function used to execute shell commands). </p>