On the Expressiveness of Return-Into-Libc Attacks
Return-Into-LibC (RILC) is one of the most common forms of code-reuse attack. The attacker uses a buffer overflow or a similar memory-corruption bug to redirect control flow into functions that already exist in the victim process, typically those of the C library (libc), instead of injecting code of their own. While dangerous, RILC is generally considered limited in expressive power: a chain of return addresses into libc functions executes those functions one after another, so the attacker is thought to get only straight-line code, with no loops or conditional branches. In other words, RILC attacks are believed to be incapable of arbitrary computation; they are not Turing complete. To overcome this limitation, researchers developed other code-reuse techniques, such as Return-Oriented Programming (ROP), which chains short instruction sequences (gadgets) rather than whole functions. In this paper, the authors argue the opposite and demonstrate that the original RILC technique, chaining existing functions alone, is in fact Turing complete.