Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. An untrusted interfering code sequence can be authored directly by the attacker, and typically it is external to the vulnerable program. The interfering code sequence could be "trusted" or "untrusted." A trusted interfering code sequence occurs within the program it cannot be modified by the attacker, and it can only be invoked indirectly. For example, the single "x++" statement may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read (the original value of x), followed by a computation (x+1), followed by a write (save the result to x). Programmers may assume that certain code sequences execute too quickly to be affected by an interfering code sequence when they are not, this violates atomicity.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |