Navigation
Recherche
|
[$] Per-call-site slab caches for heap-spraying protection
jeudi 22 août 2024, 16:15 , par LWN.net
One tactic often used by attackers set on compromising a system is heap spraying; in
short, the attacker fills as much of the heap as possible with crafted data in the hope of getting the target system to use that data in a bad way. If heap spraying can be blocked, attackers will lose an important tool. The kernel has some heap-spraying defenses now, including the dedicated bucket allocator merged for the upcoming 6.11 release, but its author, Kees Cook, thinks that more can be done.
https://lwn.net/Articles/986174/
Voir aussi |
56 sources (32 en français)
Date Actuelle
mar. 5 nov. - 11:51 CET
|