Tuesday, April 17, 2007

RELRO

RELRO is used on newer Linux distributions to place commonly exploited structures in ELF
binaries to a quasi-readonly location. Especially the GOT, often used within heap
based exploits is made read-only after relocation by the dynamic linker. Today I analyzed
how exploits could be done in future nevertheless of NX, ASLR, RELRO etc.
An ASCII-file describing exploitation via fini() can be found
here.

Update:
The issue is now handled as a bug. Newer GCC versions probably fix this issue.
However, I doubt you can put all constructors/destructors within -w pages
or at randomized locations.
As a side note: Not many ppl seem to be in YOUNIX exploitation anymore. They
either seem to sell exploits to certain companies, do Win stuff or collect bugs
for a month-of-silly-appz-bugs.