Re: PoC: Function Pointer Protection in C Programs

2013-08-22 Thread Stephen Röttger
> After a bit of thought, a loop with a callback can be optimized by gcc.
>
> It could be possible to teach CSE to rewrite
>
> while(foo){
>   check(p);
>   (*p)(x,y,z);
> }
>
> into
>
> check(p);
> while(foo){
>   (*p)(x,y,z);
> }

This might introduce security issues, if an attacker is able to o

Re: [oss-security] PoC: Function Pointer Protection in C Programs

2013-08-22 Thread Stephen Röttger
> Your approach seems to have some slight similarities with -fvtable-verify:
>
> Maybe some code sharing could be achieved?

Thanks for the hint, this project was actually a big inspiration for my thesis and is part of my related work, alth

Re: PoC: Function Pointer Protection in C Programs

2013-08-22 Thread Ondřej Bílka
On Wed, Aug 21, 2013 at 07:04:58PM +0200, Stephen Röttger wrote:
> > What is the performance impact for a program that just qsorts a big array?
> > It looks like a worst case scenario for me.
>
> I just put together a quick test program that sorts an array of 10^6
> integers and stopped the execution tim

Re: [oss-security] PoC: Function Pointer Protection in C Programs

2013-08-21 Thread Hannes Frederic Sowa
Hi!

On Wed, Aug 21, 2013 at 04:43:13PM +0200, Stephen Röttger wrote:
> Approach:
> The basic idea of the thesis is to record all addresses that are
> assigned to a function pointer variable at some place in the program (or
> in one of the shared libraries) and if a function pointer is called,
> ve

Re: PoC: Function Pointer Protection in C Programs

2013-08-21 Thread Stephen Röttger
> What is the performance impact for a program that just qsorts a big array?
> It looks like a worst case scenario for me.

I just put together a quick test program that sorts an array of 10^6 integers and stopped the execution time using "time". The results are as follows (+- 0,01s): protection disabled,

Re: PoC: Function Pointer Protection in C Programs

2013-08-21 Thread Ondřej Bílka
On Wed, Aug 21, 2013 at 04:43:13PM +0200, Stephen Röttger wrote:
> Hi everyone,
>
> I'd like to present you my master's thesis "Malicious Code Execution
> Prevention through Function Pointer Protection" [0] and its
> proof-of-concept implementation [1] for the gcc+glibc and would
> appreciate some

Re: PoC: Function Pointer Protection in C Programs

2013-08-21 Thread Alessandro Cresto Miseroglio
I'm terribly sorry, I've just seen the first couple of pages and I was wrong... thanks.

Re: PoC: Function Pointer Protection in C Programs

2013-08-21 Thread Stephen Röttger
The PDF is in English, just parts of the cover and the affirmation are in German.

On 21.08.2013 17:28, Alessandro Cresto Miseroglio wrote:
> in English?
> (http://zero-entropy.de/fpp.pdf is in Deutsch)

Re: PoC: Function Pointer Protection in C Programs

2013-08-21 Thread Alessandro Cresto Miseroglio
in English? (http://zero-entropy.de/fpp.pdf is in Deutsch)

PoC: Function Pointer Protection in C Programs

2013-08-21 Thread Stephen Röttger
Hi everyone, I'd like to present you my master's thesis "Malicious Code Execution Prevention through Function Pointer Protection" [0] and its proof-of-concept implementation [1] for the gcc+glibc and would appreciate some feedback. In my thesis, I tried to find a way to prevent the exploitation o