Connect and corrupt: C++ coroutines prone to code-reuse attack despite control flow integrity (cispa.de)
from Pro@mander.xyz to programming@programming.dev on 05 Aug 09:14
https://mander.xyz/post/35343454

#programming

threaded - newest

Hirom@beehaw.org on 05 Aug 09:41 next collapse

This is a C++20 feature so most software probably aren’t using this yet.

It’s good to catch this relatively early. Crossing fingers so that compilers can fix it without breaking compatibility.

bitcrafter@programming.dev on 06 Aug 01:10 collapse

It is pretty sad that a feature that was introduced into C++ five years ago would not be widely used yet, but that also would not surprise me.

TehPers@beehaw.org on 06 Aug 01:37 collapse

The same holds true for C++20’s modules, which are really cool! Except you can’t really use them because compilers don’t fully support them yet.

tal@lemmy.today on 05 Aug 11:33 collapse

If I understand aright, the concern here is that if one finds some form of way to corrupt memory, then one could use that to corrupt memory in the program to cause the program to jump to some other code used in a coroutine in much the same way that a buffer overflow in code modifying a variable stored on the stack could permit an attacker one to overwrite a return address on a stack to jump to arbitrary code.

TehPers@beehaw.org on 05 Aug 23:21 collapse

It seems like the more interesting thing is bypassing CFI protections by abusing coroutines to jump around instead of inserting jumps to other functions.