
At the time, Todd was testing with whatever the popular ROP compiler was, and it wasn't able to chain anything using libc. Even on amd64 you can restrict which gadgets are available. Maybe you can find other approaches with a careful hand search, but I think knocking out the biggest exploit generator is hardly flawed in a practical sense.


People don't generate exploits using popular ROP compilers.


What are popular ROP compilers used for then?


CTF challenges, mostly.


So they're used in combination with already known exploits, but you're saying no one uses them during the development of exploits?


No, they’re mostly toys and demos. They’re not an accurate representation of real-world exploit development.


Oh, I must be confused about what a CTF challenge is.


CTF challenges are to cooking competitions what exploit development is to being a restaurant cook. There are time limits, practicality is less of a concern, and everyone knows that toy constraints are added because nobody wants to watch you stare at IDA for three weeks.



