[Toybox] [landley/toybox] Fix control flow integrity check failure in ps. (#53)

Rob Landley rob at landley.net
Tue Nov 1 02:32:35 PDT 2016


On 11/01/2016 12:56 AM, Evgeniy Stepanov wrote:
> Basically, these days code pages are not writable and stack/data pages -
> not executable, and the majority of exploits require finding a code
> pointer in writable memory and replacing it with something different.
> I.e. hijacking the control flow of the program. Of course this requires
> the ability to write to the program memory, but that's what all the heap
> overflow and use-after-free bugs are for.
> 
> CFI is about limiting possible control flow as much as possible.

So it's yet another layer of runtime checking trying to move the
exploits around.

Sigh, I'll throw it on the pile. Thanks for the heads up,

Rob
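
An added example, not toybox code and not the fix this thread refers to: a small C sketch of the property Evgeniy's paragraph describes, where an indirect call through a code pointer kept in writable memory is only allowed if the target is one the program itself registered, and a function of the wrong type is refused the way Clang's -fsanitize=cfi-icall would refuse it. The names (cmd_fn, cfi_call, run_cmd, the handlers) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* The signature every command handler must have: the "type" that a
 * type-based CFI scheme attaches to the indirect call site. */
typedef int (*cmd_fn)(int);

/* Legitimate handlers: the only valid targets for a cmd_fn call. */
static int cmd_double(int x) { return 2 * x; }
static int cmd_square(int x) { return x * x; }

/* Real code, but of a different type.  Calling it through a cmd_fn
 * pointer is what Clang's -fsanitize=cfi-icall reports as a CFI failure. */
static long not_a_handler(int x, int y) { return (long)x + y; }

struct cmd { const char *name; cmd_fn fn; };

/* Writable data holding code pointers: what a memory-corruption bug would
 * let an attacker overwrite, and what CFI protects the call through. */
static struct cmd cmds[] = { {"double", cmd_double}, {"square", cmd_square} };

/* Returns 1 if fn is a registered cmd_fn target, 0 otherwise. */
int cfi_target_ok(cmd_fn fn) {
  for (size_t i = 0; i < sizeof cmds / sizeof *cmds; i++)
    if (cmds[i].fn == fn) return 1;
  return 0;
}

/* Checked indirect call: stores the handler's result in *out and returns 0
 * if the target is allowed; returns -1 without calling it otherwise
 * (a real CFI check aborts the process at this point). */
int cfi_call(cmd_fn fn, int arg, int *out) {
  if (!cfi_target_ok(fn)) return -1;
  *out = fn(arg);
  return 0;
}

/* Option-style dispatch by name, like a command-line tool's table. */
int run_cmd(const char *name, int arg, int *out) {
  for (size_t i = 0; i < sizeof cmds / sizeof *cmds; i++)
    if (!strcmp(cmds[i].name, name)) return cfi_call(cmds[i].fn, arg, out);
  return -1;
}

int main(void) {
  int r = 0;
  if (cfi_call(cmd_square, 7, &r) == 0) printf("square(7) = %d\n", r);
  if (cfi_call((cmd_fn)not_a_handler, 7, &r) != 0)
    printf("refused: not_a_handler is not a registered cmd_fn target\n");
  return 0;
}
```

Building the same table-driven code with `clang -flto -fsanitize=cfi-icall -fvisibility=hidden` makes the compiler perform the equivalent of cfi_target_ok at every indirect call, which is the check toybox's ps tripped in the build this thread is about.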


