Preventing stack guard-page hopping
Preventing stack guard-page hopping
Posted Jun 20, 2017 9:43 UTC (Tue) by moltonel (guest, #45207)In reply to: Preventing stack guard-page hopping by roc
Parent article: Preventing stack guard-page hopping
The libc isn't high-privilege/trusted, and any local attacker can use his own vulnerable libc-equivalent routines instead. So a protection at libc-level would only protect against remote attacks, where the attacker has to contend with the local libc or use a different vulnerability to bring his own libc-equivalent.
Posted Jun 20, 2017 10:13 UTC (Tue)
by matthias (subscriber, #94967)
[Link]
If the attacker has the ability to run his own code with privileges, everything is already lost. No need for an exploit.
Preventing stack guard-page hopping
There are certainly some suid binaries linking against libc. Thus the libc is high-privilege code. The local attacker can only use the code/libraries linked into suid binaries.