A Possible Cure for Exploitable Heap Corruption in Windows 7
Posted by Donster on: 2009-12-31 15:03:19 265
By Scott M. Fulton, III @ BetaNews

The key to a huge plurality, if not a majority, of exploits that have plagued Microsoft Windows over the past two decades has been tricking the system into executing data as though it were code. A malicious process can place data into its own heap -- the pile of memory reserved for its use -- that bears the pattern of executable instructions. Then once that process intentionally crashes, it can leave behind a state where the data in that heap is pointed to and then executed, usually without privilege attached.

Yet it doesn't take a malicious user to craft a heap corruption. Multithreaded applications that make use of collective heaps become like multiple users of a single, distributed database. Without intensive methodologies to maintain vigilance, making sure one thread doesn't corrupt an application's heap for all the other threads, the app collapses into something more closely resembling the more colloquial meaning of the metaphor "heap." Microsoft would like to present its development environments and runtime frameworks as providing these vigilance services on behalf of the developer, so she can concentrate on her application. But in recent years, what developers don't know about what's going on under the hood has come back to bite them.


News Source: Email




© 2024 COMBATSIM.COM - All Rights Reserved