
Writing FreeBSD Malware [video] - adamnemecek
https://m.youtube.com/watch?v=bT_k06Xg-BE
======
OneLessThing
“Exploit authors don’t really care about stack cookies, especially with
today’s techniques like rop, jop, srop”

None of those suggested techniques address stack cookies but okay, I’ll keep
listening.

“We can overwrite parts of the heap, the problem is the heap is not executable
on amd64 and arm64”

And that’s where you’ve lost me. The processor has no concept of the “heap.”
Whether or not you can make heap pages executable is up to the OS, and all
common OS’s let you do this. Not only that, but the browser you’re using to
view this very page is probably using executable allocations right now to JIT
the (very little) JavaScript on this site.
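
An added illustration, not part of the thread or the talk, of the point that executability is a permission the OS records per mapping: a small C classifier over lines in Linux `/proc/<pid>/maps` format. The sample lines, the `cls` enum and the function names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/<pid>/maps format (not a real process). */
static const char *SAMPLE_MAPS[] = {
    "55d0c8a00000-55d0c8a21000 r-xp 00000000 08:01 131 /usr/bin/demo",
    "55d0c9c3b000-55d0c9c5c000 rw-p 00000000 00:00 0 [heap]",
    "7f3a10000000-7f3a10040000 rwxp 00000000 00:00 0 ",
    "7f3a2c000000-7f3a2c010000 r-xp 00000000 00:00 0 ",
    "7ffd5e1c0000-7ffd5e1e1000 rw-p 00000000 00:00 0 [stack]",
};
enum { N_SAMPLE = sizeof SAMPLE_MAPS / sizeof SAMPLE_MAPS[0] };

enum cls { CLS_BAD, CLS_NOEXEC, CLS_FILE_EXEC, CLS_ANON_EXEC, CLS_ANON_WX };

/* Classify one mapping by the permissions the kernel recorded for it. */
enum cls classify(const char *line)
{
    unsigned long start, end, inode;
    char perms[5] = "";

    if (sscanf(line, "%lx-%lx %4s %*x %*x:%*x %lu",
               &start, &end, perms, &inode) != 4)
        return CLS_BAD;
    if (strlen(perms) != 4 || end <= start)
        return CLS_BAD;
    if (perms[2] != 'x')
        return CLS_NOEXEC;          /* e.g. the default [heap] and [stack] */
    if (inode != 0)
        return CLS_FILE_EXEC;       /* code mapped from a file on disk */
    /* inode 0: memory with no backing file, made executable on request */
    return perms[1] == 'w' ? CLS_ANON_WX : CLS_ANON_EXEC;
}

int count_class(const char *const *lines, int n, enum cls want)
{
    int hits = 0;
    for (int i = 0; i < n; i++)
        hits += classify(lines[i]) == want;
    return hits;
}

int main(void)
{
    static const char *names[] = { "unparsed", "not executable",
        "file-backed code", "anonymous r-x (JIT-style)", "anonymous W+X" };
    for (int i = 0; i < N_SAMPLE; i++)
        printf("%-28s %s\n", names[classify(SAMPLE_MAPS[i])], SAMPLE_MAPS[i]);
    return 0;
}
```

On a real Linux process the kernel-provided `[vdso]` mapping also has inode 0 and would be reported as anonymous executable, so an audit built on this would allowlist it by name.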

~~~
drb91
I interpreted it as meaning “by default”.

~~~
OneLessThing
amd64 and arm64 have no default heap configuration, they don’t even know what
the heap is. Same is true for their 32 bit equivalents. If he said Linux based
OS’s or Windows have non executable heaps then I’d have kept watching because
yeah you could assume he meant “by default”. Instead he blamed the processor
and not only that but only 64 bit processors. It’s a massive misunderstanding
on his part.

~~~
drb91
By default on some OS.

Doesn’t strike me as a misunderstanding at all—my current cpu/os combo also
doesn’t ship with an executable heap. This strikes me as lazy editing, but not
a clear misunderstanding.

------
aquamo
Nice presentation.

Is the HardenedBSD website's security feature comparison table up to date?

Edited to remove comment about my confusion that Carolinacon14 -> 2014; not
the case. It's 2018.

~~~
loeg
> Is the HardenedBSD website's security feature comparison table up to date?

It's misleading, if not outright inaccurate.

