Sam Ellis
Suggestion to add a section on binary images and how these are constructed and can be exploited, for example: * code versus data * read-only, relro, execute-only * ASLR *...
Chapter 2 is presently named "Memory vulnerability based attacks and mitigations" and I'd like to suggest shortening it to "Memory vulnerability based attacks". The shorter form is consistent with other...
Consider section on ABI vulnerabilities. The premise is that some computing systems provide a security enclave, for example, Arm TrustZone and Intel SGX. When such an enclave exists there is...
Consider inclusion of trojan-source attacks? https://www.trojansource.codes/trojan-source.pdf Possibly may fit into supply chain section.
Consider if supply chain attacks on a compiler itself are within the scope of the book. For example, compilers are widely deployed and so could be an attractive target for...
Consider whether run-time vulnerabilities in compilers themselves are within the scope of the book. For example, with compilers used in JITs or run via automated CI farms with possibly hostile...
The Timing Attacks section launches straight in with cryptography as a place where timing attacks are used, possibly leading to the conclusion that cryptography is the _only_ place where timing...
When compiling on Mac OS X using Apple LLVM version 8.0.0 (clang-800.0.38) the following error is seen ``` gcc -c -o regions.o -I.. -iquote -DNMEMDEBUG -DSIZEOF_VOIDP=4 -Wall -g -O2 regions.c...
Receive a segfault when running elkhound/elkhound elkhound/examples/crash1.gr on Mac OS X. Have built the tools using Apple LLVM version 8.0.0 (clang-800.0.38). Debugging segfault reveals the cause to be dereferencing a...
When compiling oink on Mac OS X using Apple LLVM version 8.0.0 (clang-800.0.38) the following warning is seen: ``` gcc -c -o regions.o -I.. -iquote -DNMEMDEBUG -DSIZEOF_VOIDP=4 -Wall -g -O2...