Thank you for sharing this suggestion for improvement!
I think it makes sense to at least point to external references that have good explanations of how heap exploiting techniques work. That being said, if there are good references already, I wouldn't spend too many pages in the book going through all possible different heap exploitation techniques?
I wonder if they all share a common mechanism that we could describe? If that would be the case, I think that would be the most valuable for the book, as it would help people needing to think about mitigations to understand the shared common mechanism, which in turn can help to reason about how effective a given mitigation is and this whole class of exploits...
We could also describe one or two simple exploitation techniques and then point to an external reference for a more elaborate description?
If I remember correctly, the goal is always to let a new allocation (that is done after the initial exploit) overlap with something existing (be it an existing heap allocation, a part of the stack or even complete memory). That then gives an attacker access to whatever is stored in the overlapped memory.
The overlapping is achieved by manipulating the control structures attached to heap allocations.
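As an added illustration of the shared mechanism the comment above describes (control structures sitting next to the data they manage), here is a small toy allocator that is not the book's code and not glibc's: each chunk carries a guard word derived from its size, so an out-of-bounds write from the preceding chunk that reaches the header is detected before the header is trusted again. The allocator, the `GUARD_MAGIC` constant and the `toy_*` function names are hypothetical and constructed for this example; the overflow in `demo_overflow_detected` is a deliberately constructed bug, and the example shows the detection side, not the reuse of the corrupted chunk.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical toy bump allocator (constructed for this example, not glibc malloc).
   Every chunk has a header immediately before its payload; the header is the
   "control structure" an overflow from the previous chunk can reach. */
#define ARENA_SIZE  4096
#define GUARD_MAGIC 0xC0FFEE42u

struct chunk_hdr {
    uint32_t size;   /* payload size in bytes */
    uint32_t guard;  /* must equal GUARD_MAGIC ^ size, else header was modified */
};

static _Alignas(16) unsigned char arena[ARENA_SIZE];
static size_t arena_top = 0;

static uint32_t guard_for(uint32_t size) { return GUARD_MAGIC ^ size; }

/* Hand out the next chunk and stamp its header. Returns NULL when the arena is full. */
void *toy_alloc(uint32_t size) {
    size_t need = sizeof(struct chunk_hdr) + size;
    if (size > ARENA_SIZE || arena_top + need > ARENA_SIZE) return NULL;
    struct chunk_hdr *h = (struct chunk_hdr *)(arena + arena_top);
    h->size = size;
    h->guard = guard_for(size);
    arena_top += need;
    return (void *)(h + 1);
}

/* 1 if the header of the chunk owning p is intact, 0 if it has been overwritten. */
int toy_check(const void *p) {
    const struct chunk_hdr *h = (const struct chunk_hdr *)p - 1;
    return h->guard == guard_for(h->size) ? 1 : 0;
}

/* Walk every chunk header from the start of the arena; 1 if all are intact
   and the walk ends exactly at arena_top, 0 on the first bad header. */
int toy_check_arena(void) {
    size_t off = 0;
    while (off < arena_top) {
        const struct chunk_hdr *h = (const struct chunk_hdr *)(arena + off);
        if (h->guard != guard_for(h->size)) return 0;   /* header corrupted */
        if (h->size > ARENA_SIZE) return 0;             /* nonsense size, don't trust it */
        off += sizeof(struct chunk_hdr) + h->size;
    }
    return off == arena_top ? 1 : 0;
}

void toy_reset(void) {
    arena_top = 0;
    memset(arena, 0, sizeof arena);
}

/* Two adjacent 8-byte chunks; a 12-byte write into the first one spills four
   bytes into the second chunk's header. Returns 1 if the guard catches it. */
int demo_overflow_detected(void) {
    toy_reset();
    char *a = toy_alloc(8);
    char *b = toy_alloc(8);
    if (!a || !b) return 0;
    int clean_before = toy_check(b) && toy_check_arena();
    memset(a, 'A', 12);   /* constructed bug: 4 bytes past the end of a */
    int clean_after = toy_check(b) || toy_check_arena();
    return (clean_before == 1 && clean_after == 0) ? 1 : 0;
}

int main(void) {
    printf("overflow into neighbouring header detected: %s\n",
           demo_overflow_detected() ? "yes" : "no");
    return 0;
}
```

The point of the check is where it runs: a real allocator must validate the header on every free and on every reuse of the free list, because that is the moment the corrupted control structure would otherwise steer the next allocation onto memory it should not overlap.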
Use-after-free, double free and heap buffer overflows are mentioned as vulnerabilities, but not how to exploit them.
There are good explanations of heap exploiting techniques here: https://heap-exploitation.dhavalkapil.com/attacks