so this protects against overwriting frame pointers to make the stack pointer point to the heap or somewhere else?
when you have a size- or character-restricted overflow, you often want to pivot the stack to a bigger buffer you control - usually finding the address of it somewhere in a parent stack frame and then using a handful of rop gadgets to get that value into rsp
"This opportunistic software-emulation of a stack protection bit makes stack-pivot operations during ROPchain fragile (kind of like removing a tool from the toolbox)." https://marc.info/?l=openbsd-cvs&m=152355323829135&w=2