Y\u0131\u011f\u0131n P\u00fcsk\u00fcrtme, bilgisayar kullan\u0131m\u0131 d\u00fcnyas\u0131nda kullan\u0131lan, yayg\u0131n olarak tan\u0131nan bir tekniktir. Bu \u00f6ncelikle, arabellek ta\u015fmas\u0131 gibi g\u00fcvenlik a\u00e7\u0131klar\u0131ndan yararlan\u0131ld\u0131\u011f\u0131nda rastgele kod y\u00fcr\u00fctme olas\u0131l\u0131\u011f\u0131n\u0131 art\u0131rmak i\u00e7in bir i\u015flemin y\u0131\u011f\u0131n belle\u011finin bir b\u00f6lgesinin kabuk koduyla doldurulmas\u0131n\u0131 i\u00e7erir.<\/p>\n
Y\u0131\u011f\u0131n p\u00fcsk\u00fcrtme ilk olarak Matt Conover ve Oded Horovitz taraf\u0131ndan yaz\u0131lan ve 2000'li y\u0131llar\u0131n ba\u015f\u0131nda yay\u0131nlanan \u201cY\u0131\u011f\u0131n P\u00fcsk\u00fcrtme: Ortak G\u00fcvenlik \u00d6nlemlerine Kar\u015f\u0131 Bir Teknik\u201d ba\u015fl\u0131kl\u0131 bir g\u00fcvenlik belgesinde kamuoyunun dikkatine sunuldu. Ba\u015flang\u0131c\u0131, \u00e7al\u0131\u015fan bir i\u015flemin adres alan\u0131n\u0131 rastgele hale getirmek ve b\u00f6ylece sald\u0131rganlar\u0131n kabuk kodlar\u0131n\u0131n bellekte nerede bulunaca\u011f\u0131n\u0131 tahmin etmesini zorla\u015ft\u0131rmak i\u00e7in tasarlanm\u0131\u015f g\u00fcvenlik mekanizmalar\u0131n\u0131n giderek daha fazla uygulanmas\u0131yla ger\u00e7ekle\u015fti.<\/p>\n
Y\u0131\u011f\u0131n p\u00fcsk\u00fcrtme \u00f6ncelikle bellek bozulmas\u0131 g\u00fcvenlik a\u00e7\u0131klar\u0131ndan yararlanmak i\u00e7in kullan\u0131l\u0131r. Amac\u0131, bir s\u00fcrecin y\u0131\u011f\u0131n\u0131n\u0131, sald\u0131rgan\u0131n kabuk kodunun s\u00fcrecin b\u00fcy\u00fck bir b\u00f6l\u00fcm\u00fcne yay\u0131lmas\u0131n\u0131 sa\u011flayacak \u015fekilde manip\u00fcle etmektir. Bu, y\u0131\u011f\u0131n i\u00e7inde her biri istenen kabuk kodunun bir kopyas\u0131n\u0131 ta\u015f\u0131yan birden fazla nesne veya \u00f6rnek olu\u015fturularak yap\u0131l\u0131r.<\/p>\n
Bu teknik genellikle rastgele kod y\u00fcr\u00fct\u00fclmesine izin veren di\u011fer istismarlarla birlikte kullan\u0131l\u0131r. Bununla birlikte, bu istismarlarla ilgili sorun, genellikle y\u00fcr\u00fct\u00fclecek kodun tam bellek konumu hakk\u0131nda bilgi gerektirmesidir; bu da \u00e7e\u015fitli g\u00fcvenlik \u00f6nlemleri nedeniyle tespit edilmesi zor olabilir. Y\u0131\u011f\u0131n p\u00fcsk\u00fcrtme, y\u0131\u011f\u0131n\u0131n \u00f6nemli bir b\u00f6l\u00fcm\u00fcn\u00fc gerekli kabuk koduyla doldurarak bu sorunu \u00e7\u00f6zer, b\u00f6ylece istismar\u0131n kodun y\u00fcr\u00fct\u00fclmesini tetikleme \u015fans\u0131n\u0131 istatistiksel olarak art\u0131r\u0131r.<\/p>\n
Y\u0131\u011f\u0131n p\u00fcsk\u00fcrtme iki a\u015famal\u0131 bir i\u015flemle \u00e7al\u0131\u015f\u0131r:<\/p>\n
Sprey<\/strong>: Y\u0131\u011f\u0131n belle\u011fi istenen kabuk kodunun birden \u00e7ok \u00f6rne\u011fiyle doldurulur. Bu, kabuk kodunu ta\u015f\u0131yan nesneler veya \u00f6rnekler olu\u015fturularak yap\u0131l\u0131r ve bunlar daha sonra y\u0131\u011f\u0131n\u0131n farkl\u0131 bellek adreslerine tahsis edilir.<\/p>\n<\/li>\n Tetiklemek<\/strong>: Rastgele kod y\u00fcr\u00fctmek i\u00e7in bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan yararlan\u0131l\u0131r. Bellek kabuk kodu \u00f6rnekleriyle dolduruldu\u011fundan, y\u00fcr\u00fct\u00fclen kodun sald\u0131rgan\u0131n kabuk kodu olma olas\u0131l\u0131\u011f\u0131 \u00f6nemli \u00f6l\u00e7\u00fcde artar.<\/p>\n<\/li>\n<\/ol>\n Y\u0131\u011f\u0131n p\u00fcsk\u00fcrtmenin temel \u00f6zellikleri \u015funlard\u0131r:<\/p>\n Y\u0131\u011f\u0131n p\u00fcsk\u00fcrtmenin \u00e7e\u015fitli \u00e7e\u015fitleri vard\u0131r ve her biri y\u0131\u011f\u0131n\u0131 p\u00fcsk\u00fcrtmek i\u00e7in kullan\u0131lan y\u00f6ntemlere g\u00f6re farkl\u0131l\u0131k g\u00f6sterir. \u0130\u015fte birka\u00e7 t\u00fcr:<\/p>\nY\u0131\u011f\u0131n P\u00fcsk\u00fcrtmenin Temel \u00d6zellikleri<\/h2>\n
\n
Y\u0131\u011f\u0131n P\u00fcsk\u00fcrtme \u00c7e\u015fitleri<\/h2>\n