bbqueue vs how-to-exploit-a-double-free

| | bbqueue | how-to-exploit-a-double-free |
|---|---|---|
| Mentions | 2 | 13 |
| Stars | 389 | 1,293 |
| Growth | - | - |
| Activity | 5.2 | 0.0 |
| Last commit | 5 months ago | over 2 years ago |
| Language | Rust | Python |
| License | Apache License 2.0 | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bbqueue
-
A bug that doesn’t exist on x86: Exploiting an ARM-only race condition
I particularly like lock-free (wait-free?) SPSC queues because they're (relatively) easy to get right, and are extremely useful for buffering in embedded systems. I end up with something like this on almost every project:
One side of the queue is a peripheral like a serial port that needs to be fed/drained like clockwork to avoid losing data or glitching (e.g. via interrupts or DMA), and the other side is usually software running on the main thread, that wants to be able to work at its own pace and also go to sleep sometimes.
An SPSC queue fits this use-case nicely. James Munns has a fancy one written in Rust [1], and I have a ~100 line C template [2].
[1] https://github.com/jamesmunns/bbqueue
[2] https://gist.github.com/ohazi/40746a16c7fea4593bd0b664638d70...
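The queue shape described in the comment above, as an added example written for this page: it is not bbqueue's code (bbqueue is a bip-buffer that hands out contiguous grants rather than single bytes) and not the commenter's C template, but a plain index-based single-producer/single-consumer ring buffer in Rust. Two threads stand in for the interrupt/DMA side and the main-thread side; the capacity, the sample byte stream and the `run_demo` driver are assumptions made for the demonstration. The part worth studying is the memory ordering: each side loads its own index Relaxed, loads the other side's index Acquire, and publishes with Release. A Relaxed publish would still appear to work on x86's strongly ordered model and only race on ARM, which is exactly the class of bug the post title above refers to.

```rust
use std::cell::UnsafeCell;
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;
use std::thread;

/// Fixed-capacity SPSC byte queue. `tail` is advanced only by the producer,
/// `head` only by the consumer, so neither side needs a CAS or a lock.
/// One slot is kept empty so that `head == tail` unambiguously means "empty";
/// the queue therefore holds at most N - 1 bytes.
pub struct Spsc<const N: usize> {
    buf: UnsafeCell<[u8; N]>,
    head: AtomicUsize, // next slot to read (consumer-owned)
    tail: AtomicUsize, // next slot to write (producer-owned)
}

// SAFETY: a slot is written only by the producer before it publishes `tail`
// with Release and read only by the consumer after observing that `tail` with
// Acquire (symmetrically for `head`), so no slot is touched by both sides at once.
unsafe impl<const N: usize> Sync for Spsc<N> {}

impl<const N: usize> Spsc<N> {
    pub const fn new() -> Self {
        Self {
            buf: UnsafeCell::new([0; N]),
            head: AtomicUsize::new(0),
            tail: AtomicUsize::new(0),
        }
    }

    /// Producer side (interrupt/DMA context). Returns false when full; the
    /// caller decides whether that counts as an overrun.
    pub fn push(&self, byte: u8) -> bool {
        let tail = self.tail.load(Ordering::Relaxed); // our own index
        let next = (tail + 1) % N;
        // Acquire pairs with the consumer's Release on `head`: once the
        // consumer has moved past a slot, its read of that slot is complete.
        if next == self.head.load(Ordering::Acquire) {
            return false;
        }
        // SAFETY: slot `tail` lies outside [head, tail), which is all the consumer reads.
        unsafe { (self.buf.get() as *mut u8).add(tail).write(byte) };
        // Release publishes the byte together with the new index. A Relaxed
        // store here is invisible on x86 (TSO) but a real race on ARM, where
        // the consumer may observe the index before the byte.
        self.tail.store(next, Ordering::Release);
        true
    }

    /// Consumer side (main thread). Returns None when empty; never blocks.
    pub fn pop(&self) -> Option<u8> {
        let head = self.head.load(Ordering::Relaxed);
        if head == self.tail.load(Ordering::Acquire) {
            return None;
        }
        // SAFETY: the Acquire above synchronises with the producer's Release.
        let byte = unsafe { (self.buf.get() as *const u8).add(head).read() };
        self.head.store((head + 1) % N, Ordering::Release);
        Some(byte)
    }

    /// Bytes currently queued (a snapshot; the other side may be moving).
    pub fn len(&self) -> usize {
        let h = self.head.load(Ordering::Acquire);
        let t = self.tail.load(Ordering::Acquire);
        (t + N - h) % N
    }
}

/// Constructed byte stream standing in for serial traffic (assumption).
pub fn sample_stream(n: usize) -> Vec<u8> {
    (0..n).map(|i| (i * 7 % 251) as u8).collect()
}

/// Producer thread retries on "full" (a real ISR would drop and count an
/// overrun instead); consumer thread drains at its own pace. Returns what
/// the consumer received so the caller can compare it with the input.
pub fn run_demo(n: usize) -> Vec<u8> {
    let q = Arc::new(Spsc::<16>::new());
    let data = sample_stream(n);
    let producer = {
        let q = Arc::clone(&q);
        let data = data.clone();
        thread::spawn(move || {
            for &b in &data {
                while !q.push(b) {
                    thread::yield_now();
                }
            }
        })
    };
    let mut out = Vec::with_capacity(n);
    while out.len() < n {
        match q.pop() {
            Some(b) => out.push(b),
            None => thread::yield_now(),
        }
    }
    producer.join().unwrap();
    out
}

fn main() {
    let n = 10_000;
    println!("{} bytes crossed intact: {}", n, run_demo(n) == sample_stream(n));
}
```

On a real target the producer would be the UART RX or DMA-completion handler and `pop` would run from the main loop, with the consumer free to sleep (WFI) between drains because nothing in `push` ever waits on it.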
-
A GPIO Driver in Rust
I would be interested in what you think of something like BBQueue:
https://github.com/jamesmunns/bbqueue
how-to-exploit-a-double-free
-
US Cybersecurity: The Urgent Need for Memory Safety in Software Products
No. In order to exploit modern memory corruptions, you most often have to send a shitload of data of significant length to fill up memory strategically and/or ROP gadget jump addresses. None of this looks like real payloads.
https://github.com/stong/how-to-exploit-a-double-free
The analogy to firewalls is that you would specify the exact condition of the input for it to forward to the actual program. For example, if your endpoint receives JSON, you would validate the JSON and check each field value for a valid range, i.e. min/max number of characters and what those character values could be for each field. Just like a firewall limits who can talk to whom, in a way.
-
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
I think what he means by "historically" is before ASLR, DEP, and other mitigations, where a buffer overflow meant you could simply overwrite the return pointer at ESP, jump to the stack and run any shellcode. Mitigations have made exploitation much, much more complex nowadays. See for example https://github.com/stong/how-to-exploit-a-double-free
- How to exploit a double free vulnerability in 2021
- This bug doesn’t exist on x86: Exploiting an ARM-only race condition
- A bug that doesn’t exist on x86: Exploiting an ARM-only race condition
What are some alternatives?
triple-buffer - Implementation of triple buffering in Rust
loom - Concurrency permutation testing tool for Rust.
Windows-driver-samples - This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.
wuffs - Wrangling Untrusted File Formats Safely
cortex-m - Low level access to Cortex-M processors
llvm-project - The LLVM Project is a collection of modular and reusable compiler and toolchain technologies. This fork is used to manage Apple’s stable releases of Clang as well as support the Swift project.
rust - Rust language bindings for TensorFlow
click - The Click modular router: fast modular packet processing and analysis
linux - Linux kernel source tree
rust - Empowering everyone to build reliable and efficient software.