how2heap

add glibc 2.24 io file bypass

Open WinMin opened this issue 7 years ago • 3 comments

WinMin, Mar 20 '19 11:03

Is there a reason this has not been addressed? I thought the inclusion of a bypass of the patch would be useful.

mdulin2, May 13 '20 23:05

@mdulin2 This is not addressed because it is actually a file io exploitation technique. Although attackers often abuse file io after a heap exploit, personally, I'm not sure whether it belongs in this repo.

Kyle-Kyle, May 14 '20 05:05

Yeah, I see your point; the line's kind of blurry on what's a new heap exploitation technique, I feel like. I do think it would be nice if the House of Orange technique would work in versions after 2.23 though.

Maybe add a link to this PR inside of the house_of_orange.c to show that there is a way to make this technique work in versions after 2.23 but not add this to the repo directly? I still think this is useful to have around in some capacity.

mdulin2, May 20 '20 16:05