Description: |
This chapter discusses the vulnerability classes that may affect an operating system kernel. It starts with vulnerabilities related to the dereferencing of an uninitialized, trashed, or improperly sanitized pointer. Memory corruption vulnerabilities, which are divided into two major categories, stack corruption and heap corruption, are also discussed. In most cases, a memory corruption leads to a corrupted pointer that is then dereferenced. Next, the chapter discusses integer issues, a group of vulnerabilities that depend on incorrect use of, or operations on, numbers (overflows, sign errors, and truncation in length and count calculations). This kind of vulnerability can be subtle and has affected nearly every modern operating system. Integer issues are the last vulnerability class that is relatively easy to model. Following this, the chapter discusses logic bugs and race conditions. The basic idea behind race conditions is that a correct kernel path can lead to incorrect and exploitable results whenever more than one thread executes it at the same time. The key point in race conditions is the size of the raceable window, which constrains how easily the race can be triggered. This chapter presents three examples: reference counter overflows, physical-device-generated bugs, and the particularly interesting category of kernel-generated user-land helper vulnerabilities.
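The following C program is an added illustration of two of the classes named above and is not code from the book or from any real kernel: an integer overflow in an allocation-size computation (a user-supplied count multiplied by an element size in 32-bit arithmetic, so the product wraps and the copy loop later runs past the undersized buffer), beside the checked form, and a plain 32-bit reference counter that wraps to zero and frees a live object, beside a saturating counter. The `struct record`, `struct obj`, `ALLOC_MAX` and all function names are hypothetical stand-ins for a kernel's own types and allocator limit; the overflow is computed as a byte count rather than performed, so the program runs safely in user space.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical fixed-size element a kernel path copies in from user land. */
struct record {
    uint32_t id;
    uint32_t flags;
    uint8_t  payload[24];
};                                   /* sizeof(struct record) == 32 */

/* Hypothetical allocator limit, standing in for the largest size a slab
 * allocator will hand out. */
#define ALLOC_MAX (1u << 20)         /* 1 MiB */

/* Vulnerable: a 32-bit count times the element size, computed in 32 bits.
 * For count = 0x08000001 the true product is 0x100000020, which truncates
 * to 0x20, so the buffer holds exactly one record and any ALLOC_MAX check
 * passes. Returns the size the allocation would be given. */
uint32_t vuln_alloc_size(uint32_t count)
{
    uint32_t bytes = count * (uint32_t)sizeof(struct record);   /* wraps */
    return bytes;
}

/* The copy loop iterates 'count' times regardless of how the size was
 * computed, so this is what is actually written into the buffer. */
uint64_t vuln_bytes_written(uint32_t count)
{
    return (uint64_t)count * sizeof(struct record);
}

/* Bytes written past the end of the undersized buffer: the heap corruption
 * that the integer issue turns into. */
uint64_t vuln_overflow_bytes(uint32_t count)
{
    return vuln_bytes_written(count) - vuln_alloc_size(count);
}

/* Hardened: bound the count before multiplying, so the product can neither
 * wrap nor exceed the allocator limit. Returns 0 and stores the size on
 * success, -1 on an empty, wrapping or oversized request. */
int safe_alloc_size(uint32_t count, uint32_t *out)
{
    if (count == 0)
        return -1;
    if (count > ALLOC_MAX / sizeof(struct record))
        return -1;                   /* also rejects every wrapping count */
    *out = (uint32_t)(count * sizeof(struct record));   /* <= ALLOC_MAX */
    return 0;
}

/* Reference counter overflow, the chapter's first logic/race example.
 * 'freed' records whether the put path released the object. */
struct obj {
    uint32_t refs;
    int      freed;
};

/* Naive counter: wraps after UINT32_MAX acquisitions. */
static void naive_get(struct obj *o) { o->refs++; }
static void naive_put(struct obj *o) { if (--o->refs == 0) o->freed = 1; }

/* Saturating counter: sticks at UINT32_MAX and a saturated object is never
 * freed (leaked instead of turned into a use-after-free). */
static void sat_get(struct obj *o) { if (o->refs != UINT32_MAX) o->refs++; }
static void sat_put(struct obj *o)
{
    if (o->refs == UINT32_MAX)
        return;
    if (--o->refs == 0)
        o->freed = 1;
}

/* Scenario: UINT32_MAX holders already exist, two more acquire, one of the
 * two releases. Returns 1 if the object was freed while references remain. */
int naive_refcount_scenario(void)
{
    struct obj o = { UINT32_MAX, 0 };
    naive_get(&o);                   /* refs wraps to 0 */
    naive_get(&o);                   /* refs == 1 */
    naive_put(&o);                   /* refs == 0: freed, 2^32 holders left */
    return o.freed;
}

int saturating_refcount_scenario(void)
{
    struct obj o = { UINT32_MAX, 0 };
    sat_get(&o);
    sat_get(&o);
    sat_put(&o);                     /* saturated: no decrement, no free */
    return o.freed;
}
```

The count check in `safe_alloc_size` is deliberately written as a division against the limit rather than as a 64-bit multiply followed by a comparison: it makes no assumption about the width of the product and reads the same on 32-bit and 64-bit kernels.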