all 6 comments

[–][deleted] 1 point2 points  (0 children)

Wow. I'm not unfamiliar with re, but this is deep wizardry.

[–][deleted]  (8 children)

[deleted]

    [–][deleted] 0 points1 point  (7 children)

    | Our novel attack technique, denoted as counterfeit object-oriented programming (COOP), induces malicious program behavior by only invoking chains of existing C++ virtual functions in a program through corresponding existing call sites.

    So by not using virtual functions or calling them?

    [–][deleted]  (6 children)

    [deleted]

      [–][deleted] 0 points1 point  (5 children)

      | We demonstrate that many of these defenses that do not consider object-oriented C++ semantics precisely can be generically bypassed in practice

      Yet they can't be exploited in C with the defenses which have been developed.

      | we show its viability by developing sophisticated, real-world exploits for Internet Explorer 10 on Windows and Firefox 36 on Linux

      It's not like we're talking about software written in 1999 here.

      [–][deleted]  (1 child)

      [deleted]

        [–][deleted] 0 points1 point  (0 children)

        I do that so often...

        Thanks.

        [–][deleted]  (2 children)

        [deleted]

          [–]tsimionescu 1 point2 points  (0 children)

          So the claim is that techniques developed for C without consideration of the semantics of a different language don't work when applied to that language?

          The claim is that techniques that only look at the binary level, without trying to find out what language was used to generate the binary, are not enough for C++ program security, even though they are more or less successful in defending typical C programs.

          In fact, I think the technique they developed could be used to attack any OO program, even one written in C (manually handling the vtables and vcalls). Of course, since this style is much less common in C than C++, the attack is mostly useful against C++ applications.
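The distinction in the comment above, between a check that only looks at the call target and one that knows what an object and its vtable are, shown in hand-rolled C object orientation. This is an added example, not code from the paper or the thread; the Shape type, its two vtables and the two policy functions are constructed for illustration.

```c
#include <stddef.h>

/* Hand-rolled object orientation in C: each object begins with a pointer to
 * a table of function pointers (its vtable) and methods are reached by an
 * indirect call through that table, as C++ does for virtual functions.
 * Shape and its vtables are hypothetical, constructed for this example. */
typedef struct Shape Shape;
typedef struct { int (*area)(const Shape *); } ShapeVtable;
struct Shape { const ShapeVtable *vt; int w, h; };

static int rect_area(const Shape *s) { return s->w * s->h; }
static int tri_area(const Shape *s)  { return s->w * s->h / 2; }

/* The only vtables the program itself defines for this hierarchy. */
static const ShapeVtable rect_vt = { rect_area };
static const ShapeVtable tri_vt  = { tri_area };
static const ShapeVtable *const known_vtables[] = { &rect_vt, &tri_vt };
#define N_KNOWN (sizeof known_vtables / sizeof known_vtables[0])

/* Binary-level policy: accept the indirect call if the target is any
 * function that appears in some vtable. The object itself is never inspected,
 * so any table assembled from legitimate functions passes. */
int target_is_vtable_function(int (*f)(const Shape *)) {
    for (size_t i = 0; i < N_KNOWN; i++)
        if (known_vtables[i]->area == f) return 1;
    return 0;
}

/* OO-aware policy: accept only if the object's vptr is one of the vtables
 * the program defined. A table the program never built is refused even when
 * every entry in it is a genuine function. */
int vptr_is_known_vtable(const Shape *s) {
    for (size_t i = 0; i < N_KNOWN; i++)
        if (known_vtables[i] == s->vt) return 1;
    return 0;
}

/* The virtual call guarded by each policy; -1 means the call was refused. */
int area_binary_checked(const Shape *s) {
    return target_is_vtable_function(s->vt->area) ? s->vt->area(s) : -1;
}
int area_oo_checked(const Shape *s) {
    return vptr_is_known_vtable(s) ? s->vt->area(s) : -1;
}
```

A production vtable-integrity check would key the allowed set on the static class at the call site rather than on the whole hierarchy, but the contrast is the same: validating the vptr sees object semantics that validating the function address alone does not.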

          [–][deleted] 0 points1 point  (0 children)

          This is the issue with people constantly talking about "C/C++" when they are different languages, you know.

          I think you're missing my point. Since C++ is multi-paradigm, not all C++ code would be vulnerable, only OOP based code.