Is it just me or does MTE fundamentally rely on pointer values being secret? Scenario: Attacker finds address of a dangling pointer, reads tag from it, then repeatedly allocates and deallocates objects in that spot until the tag matches.
It seems to me that it's the same kind of info an attacker would usually need to defeat heap randomization. Although I guess it defeats heap sprays.