On Tue, 26 March 2013 at 16:56, Javier Juan Martínez Cabezón wrote:
> On 26/03/13 16:45, Javier Juan Martínez Cabezón wrote:
>> On 26/03/13 16:11, "Tóth Attila" wrote:
>>
>>>
>>> I wonder how these ROP techniques can theoretically perform in a
>>> java virtual machine? What are the possible target vectors for
>>> Python or Ruby? What about JIT code?
>>
>> http://www.grant-olson.net/python/pyasm
> I'm not sure if I understood you wrongly, do you mean how can
> someone do ROP in python? or how a python script could be the objective of a
> ROP attack?

I meant: how to do ROP in python and how a compiled python script can be an objective of a ROP attack? If the attacker carefully studies the way how exactly the script becomes executable code in memory, it gains control on a mechanism to plant the necessary pre-designed snippets needed for the actual exploit. We saw the exploit hardening software of the guy in the presentation video. If they can successfully analyse a given language like java or python, they could find a way to pre-create the code fragments they need. There could be an additional phase for designing and implanting these. If the runtime environment has a flaw, they may gain full or partial control over the location as well. So that means less probing would be necessary and the mechanism would be much faster.

> Python is linked against libc too, and finally it finishes being executed
> in machine (assembler) code, the main difference is that C for example
> needs compilation, python scripts "are compiled" on the fly.

I could also mention other languages, like python. Those who deal with scripts or partially compiled interim formats. I don't have internal information about these. But I suspect that address randomization of the run-time generated code was not considered as a focus of interest. There can be numerous weaknesses (even by design) in such languages. If the attacker figures out the way to get through the execution process, there will be endless victims out there to exploit.

I'm not a professional computer scientist, so I'm sorry if I use some tech words inappropriately.

-- 
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
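
An added illustration, not part of the original thread: a defender who wants to see where run-time generated code sits in a process can audit its Linux memory map for executable regions that are writable or not backed by a file, which is where a JIT normally places its output. The sample map and the name `audit_maps` are constructed for this example.

```python
import re

# Constructed /proc/<pid>/maps excerpt (not captured from a real process).
SAMPLE_MAPS = """\
00400000-006f1000 r-xp 00000000 08:01 131090 /usr/bin/python2.7
008f0000-00927000 rw-p 002f0000 08:01 131090 /usr/bin/python2.7
01c3a000-01e80000 rw-p 00000000 00:00 0 [heap]
7f3a10000000-7f3a10040000 rwxp 00000000 00:00 0
7f3a2c5d1000-7f3a2c786000 r-xp 00000000 08:01 393400 /lib/x86_64-linux-gnu/libc-2.15.so
7f3a2d000000-7f3a2d010000 r-xp 00000000 00:00 0
7fff4a1c0000-7fff4a1e1000 rw-p 00000000 00:00 0 [stack]
"""

# start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+\S+\s+\S+\s+(\d+)\s*(.*)$")


def audit_maps(text):
    """Return (kind, start, size, name) for executable regions worth reviewing.

    kind is "W+X" for any writable and executable region, or "anon-exec"
    for an executable region with no backing file and no kernel label.
    """
    findings = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        start, end, perms, inode, path = m.groups()
        if "x" not in perms:
            continue  # non-executable data cannot supply code directly
        size = int(end, 16) - int(start, 16)
        anonymous = inode == "0" and path == ""
        if "w" in perms:
            kind = "W+X"        # code that can still be rewritten in place
        elif anonymous:
            kind = "anon-exec"  # generated code, sealed after writing
        else:
            continue            # ordinary file-backed text (binary, libc)
        findings.append((kind, start, size, path or "<anonymous>"))
    return findings


if __name__ == "__main__":
    for finding in audit_maps(SAMPLE_MAPS):
        print(finding)
```

Comparing the start addresses of flagged regions across several runs of the same program shows whether the generated code is actually being placed at varying locations.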