
Preventing stack guard-page hopping

Posted Jun 19, 2017 21:09 UTC (Mon) by roc (subscriber, #30627)
In reply to: Preventing stack guard-page hopping by cpitrat
Parent article: Preventing stack guard-page hopping

> This would protect remote attacks but wouldn't prevent an attacker to write his own stack allocation for local privilege escalation.

The local privilege escalation threat assumes that the high-privilege C code is trusted, and then exploits it.

If the attacker can write high-privilege C code, you've already lost.



Preventing stack guard-page hopping

Posted Jun 20, 2017 9:43 UTC (Tue) by moltonel (guest, #45207)

The libc isn't high-privilege/trusted, and any local attacker can use his own vulnerable libc-equivalent routines instead. So a protection at libc-level would only protect against remote attacks, where the attacker has to contend with the local libc or use a different vulnerability to bring his own libc-equivalent.

Preventing stack guard-page hopping

Posted Jun 20, 2017 10:13 UTC (Tue) by matthias (subscriber, #94967)

There are certainly some suid binaries linking against libc. Thus the libc is high-privilege code. The local attacker can only use the code/libraries linked into suid binaries.

If the attacker has the ability to run his own code with privileges, everything is already lost. No need for an exploit.

