Continued attacks on HTTP/2

Posted Apr 15, 2024 12:47 UTC (Mon) by Cyberax (✭ supporter ✭, #52523)
In reply to: Continued attacks on HTTP/2 by wtarreau
Parent article: Continued attacks on HTTP/2

> And particularly since systems have been starting to ship with ulimit -c 0 by default, this has been perceived as the cheap error handling: why write a length check and go through error handling if the result is the same ?

When I was studying at a university about 25 years ago, we actually had a mandatory course where we wrote an exploit, with simple shell code, for a deliberately vulnerable server written in C. So people certainly know about the danger of OOB access.

Continued attacks on HTTP/2

Posted Apr 16, 2024 3:23 UTC (Tue) by wtarreau (subscriber, #51152) [Link]

That's great that you had this opportunity. The first time a person taught me about the ability to overflow a buffer and execute code 30 years ago, I almost laughed, and said "you'd be lucky if that would surprisingly work", and he told me "it works more often than you think". That's when I started experimenting with it and figured how hard it was to achieve on sparc (due to switched register banks) that I wrote a generic exploitation tool for this and finally managed to get root on some systems :-) I just felt sad that it was so much ignored by teachers themselves.