Documente Academic
Documente Profesional
Documente Cultură
Robert N. M. Watson
USENIX WOOT07
August 6, 2007
The Plan
● A brief history of concurrency and security
● Introduction to system call interposition and
wrapper systems
● Explore system call wrapper race conditions
● Discuss exploit techniques
– Case studies using GSWTK and Systrace
– A toolkit for exploiting system call wrapper races
● Moralize about the importance of concurrency
Access Requests
System Calls
Sysjail/Systrace bind()
precondition system call
kernel
P1
user
Sysjail
Attacker copies in
copies Sysjail replaces IP bind() copies in
0.0.0.0;
0.0.0.0 with jail address 0.0.0.0 and uses
validates
into 192.168.100.20 it to bind socket
and
memory accept it.