
Linux Kernel (SLUB/SLAB)

Open zachriggle opened this issue 8 years ago • 2 comments

It'd be nice to see some write-ups on SLUB / SLAB exploitation.

It should be relatively easy to rip out the allocator and turn it into a user-space library a la LD_PRELOAD.

zachriggle avatar Jan 25 '17 17:01 zachriggle

That'd be really cool! Some relevant resources:

  • https://en.wikipedia.org/wiki/Linux_Kernel_Library
  • http://user-mode-linux.sourceforge.net/

LKL might be applicable to this usecase, though I haven't looked into it.

zardus avatar Jan 25 '17 18:01 zardus

It seems that the pointer mangling protection in 2.32 works the same as CONFIG_SLAB_FREELIST_HARDENED=y, I think. It would be very, very nice to read some material about techniques to deal with that type of exp from you, guys. Thanks.

kotee4ko avatar Jun 14 '21 18:06 kotee4ko
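The comparison drawn in the last comment, as an added example that is not part of the how2heap project or any commenter's code: a user-space model of glibc 2.32 safe-linking (PROTECT_PTR/REVEAL_PTR plus the tcache alignment check) next to the SLUB freelist obfuscation enabled by CONFIG_SLAB_FREELIST_HARDENED=y (v4.14 form; later kernels byte-swap the field address first). All addresses and the per-cache random value are constructed placeholders.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* glibc 2.32 safe-linking: a tcache/fastbin "next" pointer is stored as
 * ptr XOR (address of the field that holds it >> 12), so a free-list
 * entry can only be decoded by code that knows where it lives. */
static inline uintptr_t glibc_protect_ptr(uintptr_t pos, uintptr_t ptr) {
    return (pos >> 12) ^ ptr;
}
static inline uintptr_t glibc_reveal_ptr(uintptr_t pos, uintptr_t mangled) {
    return (pos >> 12) ^ mangled;          /* XOR is its own inverse */
}
/* tcache_get() aborts with "unaligned tcache chunk detected" when the
 * revealed pointer is not 16-byte aligned: an unmangled value written
 * into the field decodes to garbage and usually trips this check. */
static inline bool glibc_aligned_ok(uintptr_t p) { return (p & 0xf) == 0; }

/* SLUB with CONFIG_SLAB_FREELIST_HARDENED=y: the freelist pointer stored
 * inside a free object is XORed with a per-kmem_cache random value and
 * with the address of the field itself. Encoding and decoding are the
 * same operation. */
static inline uintptr_t slub_freelist_ptr(uintptr_t ptr, uintptr_t ptr_addr,
                                          uintptr_t cache_random) {
    return ptr ^ cache_random ^ ptr_addr;
}
/* The hardened set_freepointer() also refuses to link an object to
 * itself (a naive double-free detector). Returns false on that case. */
static inline bool slub_set_freepointer_ok(uintptr_t object, uintptr_t fp) {
    return object != fp;
}

int main(void) {
    /* constructed sample: a freed tcache chunk at e, next chunk at nxt */
    uintptr_t e = 0x55555555a2a0ULL, nxt = 0x55555555a300ULL;
    uintptr_t m = glibc_protect_ptr(e, nxt);
    printf("glibc  next=%#lx stored=%#lx revealed=%#lx aligned=%d\n",
           (unsigned long)nxt, (unsigned long)m,
           (unsigned long)glibc_reveal_ptr(e, m),
           glibc_aligned_ok(glibc_reveal_ptr(e, m)));
    /* constructed sample: a free SLUB object and a per-cache random */
    uintptr_t obj = 0xffff888001234000ULL, rnd = 0xdeadbeefcafebabeULL;
    uintptr_t s = slub_freelist_ptr(obj + 0x40, obj, rnd);
    printf("slub   next=%#lx stored=%#lx decoded=%#lx\n",
           (unsigned long)(obj + 0x40), (unsigned long)s,
           (unsigned long)slub_freelist_ptr(s, obj, rnd));
    return 0;
}
```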