Description
Memory corruption vulnerabilities still play a major role in software security today. To mitigate the exploitability of such vulnerabilities, many techniques have been developed, such as stack canaries, SMAP, and various Control-Flow Integrity (CFI) implementations. Because CFI is effective and increasingly widespread, data-only exploits have grown in popularity. These mainly corrupt pointers to achieve their goal, so research has developed pointer integrity techniques to mitigate exploits that target them. With those in place, attackers will turn to non-pointer data instead, yet little research exists so far on non-pointer data and its role in exploits. This thesis examines a number of public exploits against the Linux kernel to identify data structures that can be used for exploitation even with current mitigations in place, and evaluates the risk they pose.