Exploit Methods/Reused code chunks

From Linux Kernel Security Subsystem

Latest revision as of 22:10, 4 May 2016

Details

This is more generally known as Return Oriented Programming (ROP) or Jump Oriented Programming (JOP), but ultimately boils down to using the kernel's own executable memory to build a chain of gadgets in order to perform the attacker's exploit.

Examples

Mitigations

  • compiler instrumentation for Control Flow Integrity (CFI)
  • Return Address Protection, Indirect Control Transfer Protection (e.g. RAP, https://pax.grsecurity.net/docs/PaXTeam-H2HC15-RAP-RIP-ROP.pdf)
  • Constant blinding (to defeat JIT sprays)
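As an added illustration of the last item (example code, not part of the wiki page or the kernel), here is the constant-blinding transform as a JIT might apply it, alongside a defender's check that the supplied constant no longer appears verbatim in the emitted code and a tiny interpreter showing the runtime value is unchanged. The x86 encodings (B8 = mov eax, imm32; 35 = xor eax, imm32) and the mask k are this example's own choices; k is passed in so the example is deterministic, whereas a real JIT would draw it from a random source per program, and a zero mask degenerates to the unblinded form.

```c
#include <stdint.h>
#include <string.h>

/* Append a 32-bit little-endian immediate at code[off]; return the new offset. */
static size_t emit_imm32(uint8_t *code, size_t off, uint32_t imm)
{
    for (int i = 0; i < 4; i++)
        code[off + i] = (uint8_t)(imm >> (8 * i));
    return off + 4;
}

/* Unblinded: mov eax, imm32 (B8 id). The chosen bytes land verbatim in code memory. */
size_t jit_mov_eax_plain(uint8_t *code, uint32_t imm)
{
    code[0] = 0xB8;
    return emit_imm32(code, 1, imm);
}

/* Blinded: mov eax, imm32 ^ k ; xor eax, k (35 id). Same runtime value, but neither
 * emitted immediate equals the supplied constant unless k is 0 (or k == imm). */
size_t jit_mov_eax_blinded(uint8_t *code, uint32_t imm, uint32_t k)
{
    size_t off = 0;
    code[off++] = 0xB8;
    off = emit_imm32(code, off, imm ^ k);
    code[off++] = 0x35;
    return emit_imm32(code, off, k);
}

/* Defender's check: does the constant appear verbatim anywhere in the code? */
int code_contains_imm(const uint8_t *code, size_t len, uint32_t imm)
{
    uint8_t needle[4];
    emit_imm32(needle, 0, imm);
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(code + i, needle, 4) == 0)
            return 1;
    return 0;
}

/* Interpreter for just these two opcodes: both sequences must leave the same eax. */
uint32_t run_eax(const uint8_t *code, size_t len)
{
    uint32_t eax = 0;
    for (size_t i = 0; i + 5 <= len; i += 5) {
        uint32_t id = 0;
        for (int b = 0; b < 4; b++) id |= (uint32_t)code[i + 1 + b] << (8 * b);
        if (code[i] == 0xB8) eax = id;       /* mov eax, imm32 */
        else if (code[i] == 0x35) eax ^= id; /* xor eax, imm32 */
    }
    return eax;
}
```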