...We describe return-oriented programming, a generalization of return-into-libc that allows an attacker to undertake arbitrary, Turing-complete computation without injecting code. New computations are constructed by linking together code snippets that end with a “ret” instruction. The ret instructions allow an attacker who controls the stack to chain instruction sequences together. Because the executed code is stored in memory marked executable, W^X and DEP will not prevent it from running.
...
Friday, January 2, 2009
Return-Oriented Programming: Exploits Without Code Injection
Posted by them at 8:50 AM 0 comments