Reply to post: Re: 4 bits one in 16

Oracle's Larry Ellison claims his Sparc M7 chip is hacker-proof – Errr...

Michael Wojcik Silver badge

Re: 4 bits one in 16

If you're in a position to flip bits in someone else's pointer aren't you already in control of the application?

Generally not. The typical use-after-free attack, like most stack-smashing attacks, integer-overflow attacks, etc., must leverage the initial violation into a full exploit. Generally that's a process of some complexity - how complex depends on the vulnerability and the application in which it exists. Sometimes it's straightforward, as with many return-into-library exploits. Sometimes it isn't; Ormandy's #GP Trap exploit for Windows is a good example of a complicated one.

So it's quite plausible that you'd have a vulnerability that let you flip bits in a pointer but did not in itself give you much more than that.
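
An added sketch, not part of the post above and not Oracle's implementation: a simplified model of a 4-bit pointer tag of the kind the thread title ("4 bits one in 16") suggests, counting which single-bit corruptions of a valid pointer a tag check would trap and which it would let through. The tag position (bits 63..60), the 64-byte granule, the heap layout and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed model, not taken from the post: a 4-bit tag in pointer bits 63..60
   and one 4-bit colour per 64-byte granule of a 512-byte simulated heap. */
#define TAG_SHIFT 60
#define GRANULE   64
#define NGRANULES 8
#define ADDR_BITS 9                      /* 8 granules * 64 bytes = 2^9 */

static uint8_t colour[NGRANULES];

static void setup_heap(void) {           /* constructed sample layout */
    static const uint8_t layout[NGRANULES] = {3, 3, 9, 9, 5, 12, 12, 3};
    for (int i = 0; i < NGRANULES; i++) colour[i] = layout[i];
}

static uint64_t make_ptr(uint64_t addr, unsigned tag) {
    return ((uint64_t)(tag & 0xF) << TAG_SHIFT) | addr;
}

/* Returns 1 if the access is allowed, 0 if the tag check would trap. */
static int access_ok(uint64_t ptr) {
    uint64_t addr = ptr & ((1ULL << TAG_SHIFT) - 1);
    unsigned tag = (unsigned)(ptr >> TAG_SHIFT);
    if (addr >= (uint64_t)NGRANULES * GRANULE) return 0;
    return colour[addr / GRANULE] == tag;
}

/* Count single-bit flips in bit range [lo, hi) that still pass the check. */
static int surviving_flips(uint64_t ptr, int lo, int hi) {
    int n = 0;
    for (int b = lo; b < hi; b++) n += access_ok(ptr ^ (1ULL << b));
    return n;
}

/* Count how many of the 16 possible tags are accepted at addr. */
static int accepted_tags(uint64_t addr) {
    int n = 0;
    for (unsigned t = 0; t < 16; t++) n += access_ok(make_ptr(addr, t));
    return n;
}

int main(void) {
    setup_heap();
    uint64_t p = make_ptr(0x10, 3);      /* valid pointer into granule 0 */
    printf("tag-bit flips passing:  %d of 4\n", surviving_flips(p, TAG_SHIFT, 64));
    printf("addr-bit flips passing: %d of %d\n", surviving_flips(p, 0, ADDR_BITS), ADDR_BITS);
    printf("tags accepted at 0x10:  %d of 16\n", accepted_tags(0x10));
    colour[0] = 7;                       /* granule recoloured on free/reuse */
    printf("stale pointer passes:   %d\n", access_ok(p));
    return 0;
}
```

In this model every flip of a tag bit traps, a stale pointer traps once its granule has been recoloured, and the flips that pass are the address-bit flips that stay inside memory of the same colour.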
