Linked by Thom Holwerda on Mon 10th Nov 2008 08:31 UTC, submitted by irbis
Privacy, Security, Encryption
"If you want to make sure your computer or server is not tricked into undertaking malicious or undesirable behavior, it's not enough to keep bad code out of the system. Return-oriented programming exploits start out like more familiar attacks on computers. The attacker takes advantage of a programming error in the target system to overwrite the runtime stack and divert program execution away from the path intended by the system's designers. But instead of injecting outside code - the approach used in traditional malicious exploits - return-oriented programming enables attackers to create any kind of nasty computation or program by using just the existing code."
Mitigating with SSP and ASLR
by abraxas on Mon 10th Nov 2008 15:30 UTC

I guess that this proves that ASLR and SSP are necessary. Some have argued that it is just a band-aid to badly coded software. Now it seems that even well-coded software can benefit from having these protections in place as well.