i feel like using asserts in exploits is a highly slept on tip #northsec #ctf
i'm trying to practice good exploit software engineering because i basically need to head back to the ctf tomorrow morning, run my exploit, get the flag, and immediately leave for the airport asap
maybe i should write some unit tests too 🤔 the exploit is already object oriented which is a game changing tip i learned from @Zardus and others :)
after a fork+exec to run a subshell, a parent process will page fault on every first write to every single writable page in its address space
it's common knowledge that after a fork(), a child has unwritable page table entries to facilitate Copy-On-Write (COW)
but in addition, the parent must also have its virtual memory completely write protected. otherwise, writes would be visible in the child
even if the child immediately execs, leaving the parent the only owner of the previously shared physical frames, the parent still has a completely write protected address space.
it will minor fault on every write access to a new page from this point on
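A way to see this for yourself, as an added example that is not part of the thread: the program below touches a private anonymous buffer, forks a child that immediately execs, and counts the parent's minor faults (getrusage ru_minflt) while re-writing the buffer afterwards. It is Linux-specific; /bin/true as the exec target and a 4096-byte page are assumptions (the child just _exit()s if the exec fails, which leaves the parent in the same write-protected state). One caveat worth knowing: once the child is gone the parent is the sole owner of each frame, so each of these faults only flips the PTE back to writable, it does not copy the page, but the fault itself is still taken once per page.

```c
// Added example (not from the thread): count the write faults a parent takes
// after fork()+exec() because fork() write-protected its own PTEs for COW.
// Linux-specific. Assumes /bin/true exists; if not, the child _exit()s, which
// leaves the parent in the same state (sole owner of write-protected frames).
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

#define PAGE_SIZE 4096UL   /* assumption: 4 KiB pages */

struct cow_result {
    long npages;            /* pages in the test buffer (-1 if mmap failed) */
    int  forked;            /* 1 if a child actually ran and was reaped */
    long faults_initial;    /* minor faults while first touching the buffer */
    long faults_rewrite;    /* minor faults re-writing it before fork (expect 0) */
    long faults_after_fork; /* minor faults re-writing it after fork+exec */
};

static long minflt(void) {
    struct rusage ru;
    getrusage(RUSAGE_SELF, &ru);
    return ru.ru_minflt;
}

/* Write one byte per page so every page is touched exactly once. */
static void touch_pages(volatile char *buf, long npages, char v) {
    for (long i = 0; i < npages; i++)
        buf[i * PAGE_SIZE] = v;
}

struct cow_result measure_cow_faults(long npages) {
    struct cow_result r = { npages, 0, 0, 0, 0 };
    size_t len = (size_t)npages * PAGE_SIZE;

    /* Private anonymous memory is exactly what fork() must COW-protect. Keep
       it well under 2 MiB and opt out of THP so huge pages cannot merge faults. */
    char *buf = mmap(NULL, len, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) { r.npages = -1; return r; }
    madvise(buf, len, MADV_NOHUGEPAGE);

    long before = minflt();
    touch_pages(buf, npages, 1);          /* allocate the frames: ~1 fault/page */
    r.faults_initial = minflt() - before;

    before = minflt();
    touch_pages(buf, npages, 2);          /* PTEs are writable now: no faults */
    r.faults_rewrite = minflt() - before;

    pid_t pid = fork();                   /* write-protects PTEs in BOTH processes */
    if (pid == 0) {
        execl("/bin/true", "true", (char *)NULL);
        _exit(0);                         /* exec failed; leave anyway */
    }
    if (pid > 0) { waitpid(pid, NULL, 0); r.forked = 1; }

    before = minflt();
    touch_pages(buf, npages, 3);          /* parent is sole owner, but every PTE
                                             is still read-only: 1 fault/page */
    r.faults_after_fork = minflt() - before;

    munmap(buf, len);
    return r;
}

int main(void) {
    struct cow_result r = measure_cow_faults(64);
    printf("pages=%ld forked=%d initial=%ld rewrite=%ld after_fork_exec=%ld\n",
           r.npages, r.forked, r.faults_initial, r.faults_rewrite,
           r.faults_after_fork);
    return 0;
}
```

On a stock Linux kernel the first and last counts come out at about one fault per page and the middle one at zero. The same measurement, taken around a fork() in an exploit's process-spawning helper, is a cheap way to notice that a long-lived exploit or server pays this cost again after every subshell it spawns.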
Fun fact: you can use /proc/self/mem to bypass write protections for memory pages 📝
Why does this work? Isn't the kernel subject to memory permissions? Answer: sometimes 🛡
..so what does the FOLL_FORCE flag do?
If you're ready to dive in the weeds and walk through the linux kernel with me for 45 min, keep watching😂 Covering page faults, copy on write, permission enforcement, etc
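The /proc/self/mem trick from the tweets above, as an added example that is not part of the thread: one function stores directly into a PROT_READ page and catches the resulting SIGSEGV, the other writes the same page through pwrite(2) on /proc/self/mem and checks that the byte changed. The kernel's mem_rw path asks get_user_pages for the page with FOLL_FORCE|FOLL_WRITE, which lets it break COW on a private page and write the private copy even though the VMA has no PROT_WRITE; this is the same mechanism ptrace uses to plant breakpoints in read-only text, and the race in this exact FOLL_FORCE/COW path was Dirty COW (CVE-2016-5195). It is Linux-specific and assumes the process may ptrace itself, which is the normal case (Yama's ptrace_scope restricts attaching to other processes, not to self).

```c
// Added example (not from the thread): a direct store to a read-only page
// traps, while the same write via /proc/self/mem goes through (FOLL_FORCE).
// Linux-specific; assumes the process has ptrace access to itself.
#define _GNU_SOURCE
#include <fcntl.h>
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf segv_env;
static void on_segv(int sig) { (void)sig; siglongjmp(segv_env, 1); }

/* Map one private anonymous page, fill it with 0xAA, then drop PROT_WRITE. */
static unsigned char *readonly_page(size_t pagesz) {
    unsigned char *p = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    memset(p, 0xAA, pagesz);
    if (mprotect(p, pagesz, PROT_READ) != 0) { munmap(p, pagesz); return NULL; }
    return p;
}

/* Returns 1 if a direct store to the read-only page was trapped as SIGSEGV,
   0 if it silently went through, -1 on setup failure. */
int direct_write_faults(void) {
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = readonly_page(pagesz);
    if (!p) return -1;
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    int trapped = 0;
    if (sigsetjmp(segv_env, 1) == 0)
        *(volatile unsigned char *)p = 0x42;   /* PTE is read-only: #PF -> SIGSEGV */
    else
        trapped = 1;
    sigaction(SIGSEGV, &old, NULL);
    munmap(p, pagesz);
    return trapped;
}

/* Returns 1 if pwrite(2) on /proc/self/mem changed the read-only page,
   0 if the write reported success but the page is unchanged,
   -1 if /proc/self/mem is unavailable or refuses the write. */
int proc_mem_write_succeeds(void) {
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = readonly_page(pagesz);
    if (!p) return -1;
    int fd = open("/proc/self/mem", O_RDWR);
    if (fd < 0) { munmap(p, pagesz); return -1; }
    unsigned char v = 0x42;
    /* mem_rw -> access_remote_vm -> get_user_pages(FOLL_FORCE | FOLL_WRITE):
       the kernel breaks COW on the private page and writes the copy, never
       consulting the VMA's missing PROT_WRITE. */
    ssize_t n = pwrite(fd, &v, 1, (off_t)(uintptr_t)p);
    close(fd);
    int changed = (n == 1) ? (p[0] == 0x42) : -1;
    munmap(p, pagesz);
    return changed;
}

int main(void) {
    printf("direct store trapped: %d\n", direct_write_faults());
    printf("/proc/self/mem write landed: %d\n", proc_mem_write_succeeds());
    return 0;
}
```

The practical reading: mprotect(PROT_READ) and W^X policies enforced through page permissions do not stop a process (or anything with ptrace rights over it) from writing its own memory through /proc/PID/mem, which is why hardened environments restrict ptrace access rather than trusting mapping permissions alone.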
I love the tone of this paper. It has the wistfulness of someone who's been on a long, long journey and has immense experience to share. cacm.acm.org/careers/245589…
constexpr took 16 YEARS for standardization :O
Reasoning behind the policy to prefer adding features to the library vs the language