[Dailydave] Reminder: I attend painful meetings so you don't have to
rodrigo at kernelhacking.com
Fri Dec 11 12:45:06 EST 2015
CFG does not protect against valid path computing invalid data, aka,
data-only attacks. I believe that is what Sergey meant, but copying him to
grow the discussion ;)
On Dec 11, 2015 6:40 AM, "Andrew" <munin at mimisbrunnr.net> wrote:
> > Dr. Sergey Bratus did an excellent job of looking at how there is NO
> WAY TO DEFINE THE STANDARD EXECUTION PATH OF A PROGRAM.
> What about the information that Control Flow Guard generates? Then
> there's a map of "for each indirect branch, these are the allowable
> targets of that indirect branch." It seems that any control flow
> integrity system builds and describes some approximation of the
> "standard execution paths of a program" by design.
> Of course even if you get "execution path" right it doesn't even capture
> stuff like side channels, which I guess is what Bratus is talking about
> when he says "Advanced exploitation is rapidly becoming synonymous with
> the system operating exactly as designed — and yet getting manipulated
> by attackers" although I don't know if "attacks from the 70s" are really
> "advanced" ...
> On 12/09/2015 02:30 PM, Dave Aitel wrote:
> > You should read that probably. Basically everyone on this list is
> > affected by those issues.
> > -dave
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave at lists.immunityinc.com
> > https://lists.immunityinc.com/mailman/listinfo/dailydave
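Added example, not part of the original thread: a toy C model of the point made in the reply above, in which a per-call-site list of allowable targets rejects a corrupted code pointer but lets through a run where only data was changed. The handler names, the `session` struct and the return codes are hypothetical, and the allowlist is a simplified stand-in for the map Andrew describes, not Control Flow Guard's actual implementation.

```c
#include <stddef.h>
#include <stdio.h>
#define CFI_VIOLATION (-100)

typedef int (*handler_t)(int is_admin);

/* Hypothetical handlers; the return codes are arbitrary markers. */
static int show_profile(int is_admin)   { (void)is_admin; return 1; }
static int delete_account(int is_admin) { return is_admin ? 2 : -1; }
static int other_function(int is_admin) { (void)is_admin; return 99; }

/* Toy "allowable targets" list for the single indirect call in dispatch(). */
static const handler_t allowed_targets[] = { show_profile, delete_account };

static int target_allowed(handler_t h) {
    for (size_t i = 0; i < sizeof allowed_targets / sizeof allowed_targets[0]; i++)
        if (allowed_targets[i] == h) return 1;
    return 0;
}

struct session { handler_t handler; int is_admin; };

/* Indirect call guarded by the control-flow check. */
static int dispatch(const struct session *s) {
    if (!target_allowed(s->handler)) return CFI_VIOLATION;
    return s->handler(s->is_admin);
}
/* Untampered state: allowed target, unprivileged data, request refused. */
int baseline_case(void) {
    struct session s = { delete_account, 0 };
    return dispatch(&s);
}
/* Models a corrupted code pointer: the check rejects the branch. */
int pointer_corruption_case(void) {
    struct session s = { delete_account, 0 };
    s.handler = other_function;   /* constructed stand-in for a memory write */
    return dispatch(&s);
}
/* Models corrupted data only: the target is still on the list, so the check
   passes and the privileged branch runs on a valid path. */
int data_only_case(void) {
    struct session s = { delete_account, 0 };
    s.is_admin = 1;               /* constructed stand-in for a memory write */
    return dispatch(&s);
}
int main(void) {
    printf("%d %d %d\n", baseline_case(), pointer_corruption_case(), data_only_case());
    return 0;
}
```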