On 2023-08-15 08:14, TU Haoxin wrote:
> To make the address from the heap return as the same one from the stack, we
> leverage some known heap exploitation techniques
That's very interesting and all from a research point of view, but might you not be confusing GNU Make for a network application that takes input from an untrusted user? Can you elaborate on the real-world scenario under which GNU Make is attacked by a malicious user? Remember that the user who runs GNU Make is building a program that they trust. The entire package contains all kinds of code from the developer, which the user blindly executes. If you trust my program and are building it, why would I choose to attack you by way of exploiting something in your GNU Make executable? You're voluntarily running code that I wrote, such as my ./configure script, or the shell fragments that comprise the recipes in my Makefile. I could put nasty things in the C program being built.

GNU Make is a programming language, so we can ask the question: what about Makefile programs that are perfectly trustworthy themselves, but which are attacked by malicious data? I don't suspect GNU Make is used in that general way, as an application language for writing a program which is itself trustworthy and trusted, but falls victim to malicious data which, through that program, attacks GNU Make. Or, do you know of some realistic example of this?