Ο τύπος βρίσκει και πετάει τα Exploits σαν τα στραγάλια απο 'δω και απο εκεί.
Θυμίζει παλιές καλές εποχές που ήταν με το τσουβάλι.. Θα πιούμε μπύρες για τον Ian.-
Reliability:
The exploit does work, which was my goal Reliablilty is something like 30% maybe, it all hinges on how quickly you can do the initial overflow and test loop. If something else comes in and allocates or frees in kalloc.16 you increase the probability that you corrupt a freelist entry or something else and will panic.
I'm sure the exploit can be made more reliable; I've only got it to the point where I've demonstrated that this bug is exploitable. If you want to take this as a starting point and demonstrate how to improve reliability I'd love to read a blog post! I imagine this would involve actually monitoring kalloc.16 allocations and understanding what the failure cases are and how they can be prevented.
Success rates seem to be highest when the device has been rebooted and left idle for a bit.
https://bugs.chromiu.../detail?id=1564
Τελευταία επεξεργασία από: nikosgnr, 13/06/2018 - 22:14.