Exploiting the Hard-Working DWARF: Trojan and Exploit Techniques Without Native Executable Code
The paper of vulnerabilities and exploitation is one of finding mechanisms affecting the flow of computation and of finding new means to perform unexpected computation. In this paper, the authors show the extent to which exception handling mechanisms as implemented and used by gcc can be used to control program execution. They show that the data structures used to store exception handling information on UNIX-like systems actually contain Turing-complete bytecode, which is executed by a virtual machine during the course of exception unwinding and handling. They discuss how a malicious attacker could gain control over these structures and how such an attacker could utilize them once control has been achieved.