Saturday, August 15, 2015

The Bugs We Have to Kill

This article is a pretty nice read, I think, because it manages to unite exploit development, Floyd-Hoare correctness proofs, and parsing.

It makes really good points. Almost all of the correctness-assistance tools that I've seen rely on preconditions holding before the function call. Sadly, if an exploiter can use return-oriented programming then these preconditions can be broken at run-time even if they can be proven correct at compile-time.
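As an added illustration in C (my own example, not code from the post or from the article it discusses), here is the difference between a function whose safety proof rests on a precondition the caller is supposed to establish, and one that re-establishes that precondition on entry, so the bound holds even when control arrives with arguments no legitimate caller would pass. The function names and the 16-byte buffer are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BUF_LEN 16  /* constructed size for the example */

/* Trusting version. The contract "len <= BUF_LEN" is documented and, in a
 * Hoare-style proof, assumed to be established by every caller. Nothing
 * inside the function enforces it, so if execution reaches this body with
 * an arbitrary len (as it can when control flow has been hijacked), the
 * compile-time proof says nothing about what memcpy does at run time. */
/* Precondition: len <= BUF_LEN, dst points to at least BUF_LEN bytes. */
static size_t copy_trusting(uint8_t *dst, const uint8_t *src, size_t len) {
    memcpy(dst, src, len);  /* bounds safety rests entirely on the caller */
    return len;
}

/* Defensive version. Same contract, but the callee re-checks it and fails
 * closed, so the proof no longer depends on who called it or from where. */
static size_t copy_checked(uint8_t *dst, const uint8_t *src, size_t len) {
    if (dst == NULL || src == NULL || len > BUF_LEN) {
        return 0;  /* precondition violated: copy nothing */
    }
    memcpy(dst, src, len);
    return len;
}

/* A well-behaved caller: it establishes the precondition before the call,
 * which is exactly the step a control-flow hijack can skip. */
static size_t caller_checks(uint8_t *dst, const uint8_t *src, size_t len) {
    if (len > BUF_LEN) return 0;
    return copy_trusting(dst, src, len);
}

int main(void) {
    uint8_t buf[BUF_LEN];
    uint8_t src[32];
    memset(src, 0xAB, sizeof src);  /* constructed input pattern */
    printf("checked, len=8:  copied %zu bytes\n", copy_checked(buf, src, 8));
    printf("checked, len=32: copied %zu bytes\n", copy_checked(buf, src, 32));
    printf("caller-gated, len=32: copied %zu bytes\n", caller_checks(buf, src, 32));
    return 0;
}
```

The point of the contrast is that only `copy_checked` keeps its bound when entered without the caller's check having run; `copy_trusting` is correct only under the assumption that the caller-side check always executes first.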

