Tag: Linux kernel
Some Musings on Common (eBPF) Linux Tracing Bugs
Having been in the game of auditing kprobe-based tracers for the past couple of years, and in light of this upcoming DEF CON on eBPF tracer race conditions (which you should go watch) being given by a friend of mine from the NYU(-Poly) (OSIR)IS(IS) lab, I figured I would wax poetic on some of the …
eBPF Adventures: Fiddling with the Linux Kernel and Unix Domain Sockets
tl;dr eBPF (extended Berkeley Packet Filter) is slowly taking over as a programmatic way for (generally privileged) users to invoke Linux kernel APIs and performantly execute semi-arbitrary code without having to load it from a custom kernel module. eBPF is a general means to load memory safe restricted code that reduces the risk of crashes, …
Whitepaper – A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator
by Dan Rosenberg
In this paper, we will systematically evaluate the implementation of the Linux kernel SLOB allocator to assess exploitability. We will present new techniques for attacking the SLOB allocator, whose exploitation has not been publicly described. These techniques will apply to exploitation scenarios that become progressively more constrained, starting with an arbitrary length, …