Command Injection and Confinement

Terms and concepts you should know

Paul Krzyzanowski

February 15, 2022

  • Integer overflow & underflow
  • Casting differnt types of ints
  • Command injection
  • Escaping characters
  • Parameterized queries
  • system, popen
  • Python subprocess
  • Python compile, eval, exec
  • String formatting attacks
  • PATH environment variable
  • Function interposition
  • LD_PRELOAD environment variable
  • Assumptions about open files
  • Problems with obscurity
  • Pathname parsing challenges
  • Unicode problems
  • TOCTTOU attacks
  • Problems with temp file creation
  • chroot jails
  • Deficiencies of chroot
  • Jailkits
  • FreeBSD Jail improvments
  • Linux Namespaces
  • clone() system call
  • Linux capabilities
  • Linux control groups
  • Lightweight process virtualization
  • Container components
  • Copy on write (CoW) file system
  • AppArmor
  • Container orchestration
  • Operating system level virtualization
  • Process virtual machines
  • Virtual machines
  • Hypervisor (virtual machine monitor)
  • Trap & emulate
  • Guest mode execution
  • Native (bare metal) VM vs. hosted VM
  • Covert channel
Last modified January 17, 2024.

© Paul Krzyzanowski. All rights reserved.

For questions or comments about this site, contact Paul Krzyzanowski, gro.kp@ofnibew

recycled pixels

The entire contents of this site are protected by copyright under national and international law. No part of this site may be copied, reproduced, stored in a retrieval system, or transmitted, in any form, or by any means whether electronic, mechanical or otherwise without the prior written consent of the copyright holder. If there is something on this page that you want to use, please let me know. Any opinions expressed on this page do not necessarily reflect the opinions of my employers and may not even reflect my own.

Page design derived from: HTML5 UP.