Memory allocator security
- Type
- Slides
- Tags
- C / C++
- Authors
- Yves Younan
- Event
- Chaos Communication Congress 22th (22C3) 2005
- Indexed on
- Mar 27, 2013
- URL
- http://events.ccc.de/congress/2005/fahrplan/attachments/636-CCCmallocyy.pdf
- File name
- 636-CCCmallocyy.pdf
- File size
- 227.0 KB
- MD5
- 4ef1494cb694b6ba52564e95e602c415
- SHA1
- 4456fd4f2e066841d3f56c77137cbb438b9f1657
This talk will discuss a variety of memory allocators that are available for C and C++ and how they can be exploited. Afterwards I will describe our modification to one of these memory allocators that makes it more resilient to attacks. While stack-based buffer overflows have dominated the vulnerabilities which can cause code injection attacks, heap-based buffer overflows and dangling pointer references to heap memory are also important avenues of attack. In this talk we will describe how attackers can exploit many common memory allocators. We will discuss the memory allocator used in Linux (dlmalloc), the one from FreeBSD (phkmalloc), 2 academic allocators (CSRI, Quickfit) and Boehm's garbage collector. We will then discuss our more secure memory allocator (called dnmalloc) and will also describe several countermeasures that exist that protect against these attacks: Robertson's heap protector, GlibC 2.3.5's integrity checks and Contrapolice, .... This talk will also mark the first public release of dnmalloc which is the more secure memory allocator that I will be talking about.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
