Presentation on system level vulnerabilities (as given at 44CON 2013).
A wise man once said (paraphrased) “if you want to find UNIX bugs, compare and contrast the Linux and Solaris man pages”. Following on from my previous work on linker bugs and more recently AIX (at 44CON 2012), we’ll look at some of the more interesting areas of the POSIX specification, focusing on the various IPC mechanisms that can be found in modern POSIX alike OS as well as kernel land more generally. The talk included some new tools I’ve written (to be published in due course) to aid in this analysis along with some discussion around how I uncovered potentially exploitable bugs in ~400 Debian GNU/Linux packages in a single day.
This talk was based around the recently released whitepaper “Memory Squatting: Attacks On System V Shared Memory“.
Tools referenced in this talk include:
We will be uploading more of the tools referenced in the talk in due course, so please check back soon.