The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)
By Hovav Shacham.
In Proceedings of CCS 2007, pages 552–561. ACM Press, Oct. 2007.
Superseded by [RBSS12].
Abstract
We present new techniques that allow a return-into-libc attack
to be mounted on x86 executables that calls no functions at
all. Our attack combines a large number of short
instruction sequences to build gadgets that allow
arbitrary computation. We show how to discover such instruction
sequences by means of static analysis. We make use, in an
essential way, of the properties of the x86 instruction set.
Material
- published paper (PDF), © ACM.
- full paper (PDF).
See Also
Reference
@InProceedings{S07,
  author    = {Hovav Shacham},
  title     = {The Geometry of Innocent Flesh on the Bone:
               Return-into-libc without Function Calls (on the
               {x86})},
  booktitle = {Proceedings of CCS 2007},
  editor    = {De Capitani di Vimercati, Sabrina and Paul Syverson},
  month     = oct,
  year      = 2007,
  publisher = {ACM Press},
  pages     = {552-61}
}