Re: PoC: Function Pointer Protection in C Programs

2013-08-22 Thread Stephen Röttger
> After a bit of thought, loops with callbacks can be optimized by gcc.
>
> It could be possible to teach CSE to rewrite
>
> while(foo){
>   check(p);
>   (*p)(x,y,z);
> }
>
> into
>
> check(p);
> while(foo){
>   (*p)(x,y,z);
> }

This might introduce security issues, if an attacker is able to o

Re: [oss-security] PoC: Function Pointer Protection in C Programs

2013-08-22 Thread Stephen Röttger
> Your approach seems to have some slight similarities with -fvtable-verify:
>
> Maybe some code sharing could be achieved?

Thanks for the hint, this project was actually a big inspiration for my thesis and is part of my related work, alth

Re: PoC: Function Pointer Protection in C Programs

2013-08-21 Thread Stephen Röttger
> What is the performance impact for a program that just qsorts a big array? It
> looks like the worst-case scenario to me.

I just put together a quick test program that sorts an array of 10^6 integers and stopped the execution time using "time". The results are as follows (+- 0,01s): protection disabled,

Re: PoC: Function Pointer Protection in C Programs

2013-08-21 Thread Stephen Röttger
The PDF is in English, just parts of the cover and the affirmation are in German.

On 21.08.2013 17:28, Alessandro Cresto Miseroglio wrote:
> in English?
> (http://zero-entropy.de/fpp.pdf is in Deutsch)

PoC: Function Pointer Protection in C Programs

2013-08-21 Thread Stephen Röttger
Hi everyone, I'd like to present you my master's thesis "Malicious Code Execution Prevention through Function Pointer Protection" [0] and its proof-of-concept implementation [1] for the gcc+glibc and would appreciate some feedback. In my thesis, I tried to find a way to prevent the exploitation o