
Bypassing Clang's SafeStack for Fun and Profit

Black Hat via YouTube

Overview

Explore the weaknesses of Clang's SafeStack security feature in this 43-minute Black Hat conference talk. Dive into the implementation details of SafeStack, which aims to protect return addresses on the stack from memory-corruption vulnerabilities by separating stack data from return addresses: ordinary data goes on the unsafe stack, while return addresses and provably safe variables go on the safe stack. Discover three potential problems with SafeStack's implementation, covering memory corruption, analysis of dynamic thread vectors, and stack user variables. Examine case studies involving Firefox and MySQL to understand entropy reducibility. Investigate two primitives for exploiting SafeStack: spraying and persistent allocation. Gain insights into the effectiveness of SafeStack as a replacement for stack cookies and understand its limitations in providing complete protection against return address overwrites.

Syllabus

Introduction
Outline
SafeStack
What is SafeStack
SafeStack in Memory
SafeStack Internals
How Safe is SafeStack
Three Problems
Memory Corruption
Analysis
Dynamic Thread Vector
Stack User Variables
Other Stack Variables
Entropy Reducibility
Firefox
MySQL
Spraying
Two Primitives
Persistent Allocation
Conclusion

Taught by

Black Hat
