FORTIFY_SOURCE chapter finished: enter No-Execute
I have just finished the chapter on FORTIFY_SOURCE, a patch for GCC that is now available for many Linux distributions but so far used by only a few (Fedora and Red Hat in particular) to protect their prebuilt packages and add an extra layer of protection against stack, heap and format string overflows. The patch is not infallible, however: there are cases (especially in the presence of dynamically allocated buffers) that it cannot effectively control.
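The following is an added example, not code from the post or from glibc, that models the limitation just described. Real FORTIFY_SOURCE asks GCC for the destination size with `__builtin_object_size()` and routes the call to a checking variant such as `__memcpy_chk()`; when the size is only known at run time the builtin answers `(size_t)-1` and the check has nothing to compare against. The names `checked_copy`, `stack_case`, `heap_case` and the result codes are hypothetical stand-ins for that mechanism; the sample buffers are constructed for the demo.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Value GCC's __builtin_object_size(ptr, 0) yields when it cannot
 * determine the size of the pointed-to object at compile time. */
#define OBJSZ_UNKNOWN ((size_t)-1)

enum copy_result {
    COPY_OK = 0,        /* copy fit inside the known destination */
    COPY_BLOCKED = 1,   /* copy would overflow; a real __memcpy_chk aborts here */
    COPY_UNCHECKED = 2  /* destination size unknown, so no check could run */
};

/* Hypothetical model of the fortified memcpy path (not glibc code).
 * Returns a result code instead of calling abort() so the outcome can be
 * inspected from a test. */
static enum copy_result checked_copy(void *dst, size_t dst_size,
                                     const void *src, size_t len)
{
    if (dst_size == OBJSZ_UNKNOWN) {
        memcpy(dst, src, len);      /* nothing to compare against */
        return COPY_UNCHECKED;
    }
    if (len > dst_size)
        return COPY_BLOCKED;        /* overflow caught before it happens */
    memcpy(dst, src, len);
    return COPY_OK;
}

/* Case 1: fixed-size stack buffer. The destination size is a compile-time
 * constant, so the check can run. len is clamped to the 64-byte source. */
enum copy_result stack_case(size_t len)
{
    char buf[16];
    char src[64];
    if (len > sizeof src)
        len = sizeof src;
    memset(src, 'A', sizeof src);
    /* sizeof buf stands in for __builtin_object_size(buf, 0) == 16 */
    return checked_copy(buf, sizeof buf, src, len);
}

/* Case 2: heap buffer whose size exists only at run time. The compile-time
 * query reports "unknown", so the copy goes through unchecked. To keep this
 * demonstration itself memory-safe the amount copied is clamped to the
 * allocation; in the real situation nothing would clamp it. */
enum copy_result heap_case(size_t alloc, size_t requested)
{
    char src[64];
    char *buf = malloc(alloc);
    if (buf == NULL)
        return COPY_BLOCKED;
    memset(src, 'A', sizeof src);
    size_t len = requested > alloc ? alloc : requested;
    if (len > sizeof src)
        len = sizeof src;
    enum copy_result r = checked_copy(buf, OBJSZ_UNKNOWN, src, len);
    free(buf);
    return r;
}

/* The real compile-time query, for comparison (GCC/clang only). */
size_t real_object_size_of_stack_buffer(void)
{
#if defined(__GNUC__)
    char buf[16];
    buf[0] = 0;
    return __builtin_object_size(buf, 0);   /* 16 when the compiler can see it */
#else
    return OBJSZ_UNKNOWN;
#endif
}

int main(void)
{
    printf("stack, 8 bytes:  %d\n", (int)stack_case(8));      /* 0 = COPY_OK */
    printf("stack, 32 bytes: %d\n", (int)stack_case(32));     /* 1 = COPY_BLOCKED */
    printf("heap, 32 bytes:  %d\n", (int)heap_case(16, 32));  /* 2 = COPY_UNCHECKED */
    printf("objsize(stack):  %zu\n", real_object_size_of_stack_buffer());
    return 0;
}
```

The design point is that the check is only as good as the size the compiler can prove: a `char buf[16]` on the stack is protected, while a `malloc(n)` whose `n` is computed at run time is not, which is exactly the gap the chapter points out.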
Here instead is the state of the work done so far:
- I have written 7 chapters so far, for a total of 188 pages net
In the first part of the book the following topics are still missing:
- How the processor handles mathematical calculations (integers in particular)
- Integer Overflow
- Description of the heap
- Heap Overflow
In the second part I still have to talk about:
- No-Execute Protection
- Propolice
- Advanced Exploitation of Heap Overflow
I plan to proceed as follows. The next chapter will be on No-Execute. Then I will get Integer Overflow out of the way, then ProPolice, and finally I will cover the whole heap together with its issues.
Estimated time to finish the text: frankly, I do not know. I hope by the end of February, but March is more likely. It depends very much on the workload I will have to endure in the coming weeks.
Greetings.
Monday, January 26, 2009
Sunday, January 11, 2009
Chapter 13: first steps
I returned from holiday a few days ago and immediately set to work completing the chapter on Format String Overflow that was still outstanding. Having completed it, I am now jumping directly to Chapter 13, still connected to the same theme but with a view to kernel 2.6. As far as the exploitation method goes, on some distros nothing changes apart from the need to guess where the shellcode is placed (an obstacle we have already seen how to overcome in the discussion of ASLR in Chapter 11). Things get a little more complicated on those distributions or architectures that support NX, and become even more complex in the case of vulnerable applications compiled with FORTIFY_SOURCE=2. These are the scenarios that will be discussed in Chapter 3. Everything will (hopefully) be rounded off with a real vulnerability case.