Open zachriggle opened 7 years ago
That'd be really cool! Some relevant resources:
LKL might be applicable to this use case, though I haven't looked into it.
It seems that the pointer mangling protection in 2.32 works the same as CONFIG_SLAB_FREELIST_HARDENED=y.
I think it would be very, very nice to read some material from you guys about techniques to deal with that type of exp.
Thanks.
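Added illustration for the comparison drawn in the comment above (example code written for this thread, not code from the thread or from the project it belongs to): a small model of both schemes side by side. The glibc half follows the PROTECT_PTR / REVEAL_PTR macros from glibc 2.32's malloc.c; the kernel half is an assumed model of freelist_ptr() under CONFIG_SLAB_FREELIST_HARDENED (ptr ^ per-cache random ^ byte-swapped slot address, the form recent kernels use). The secret value, the arena and every address below are constructed for the example. It also shows what the mangling buys a defender: a raw next-pointer overwrite no longer decodes to the written address, and the alignment check glibc pairs with the mangling rejects many corrupted links outright.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of glibc >= 2.32 "safe-linking" (PROTECT_PTR / REVEAL_PTR in malloc.c):
 * the tcache/fastbin next pointer is XORed with the address of the field that
 * stores it, shifted right by 12. Reveal is the same XOR, so nothing has to be
 * stored beside the pointer itself. */
static uintptr_t safe_link_protect(uintptr_t field_addr, uintptr_t ptr)
{
    return (field_addr >> 12) ^ ptr;
}

static uintptr_t safe_link_reveal(uintptr_t field_addr, uintptr_t stored)
{
    return (field_addr >> 12) ^ stored;
}

/* Byte swap written out so the example does not depend on compiler builtins. */
static uint64_t swab64(uint64_t v)
{
    uint64_t r = 0;
    for (int i = 0; i < 8; i++)
        r = (r << 8) | ((v >> (8 * i)) & 0xff);
    return r;
}

/* Assumed model of the kernel's CONFIG_SLAB_FREELIST_HARDENED freelist_ptr():
 * ptr ^ s->random ^ swab(address of the freelist slot). Unlike glibc, a
 * per-cache random secret is mixed in, so the value cannot be decoded from the
 * address alone. */
static uintptr_t slub_freelist_protect(uintptr_t secret, uintptr_t field_addr, uintptr_t ptr)
{
    return ptr ^ secret ^ (uintptr_t)swab64((uint64_t)field_addr);
}

static uintptr_t slub_freelist_reveal(uintptr_t secret, uintptr_t field_addr, uintptr_t stored)
{
    return stored ^ secret ^ (uintptr_t)swab64((uint64_t)field_addr);
}

/* Constructed arena standing in for a heap: 32-byte, 16-aligned chunks whose
 * first word is the (mangled) next pointer, like a tcache bin. */
#define NCHUNKS 4
typedef struct { uintptr_t next; unsigned char user[24]; } chunk_t;
static chunk_t arena[NCHUNKS] __attribute__((aligned(16)));

/* Link arena[0] -> arena[1] -> ... -> NULL, storing every next pointer mangled.
 * Even the terminating NULL is stored as a non-zero value. */
static void build_list(void)
{
    for (int i = 0; i < NCHUNKS; i++) {
        uintptr_t next = (i + 1 < NCHUNKS) ? (uintptr_t)&arena[i + 1] : 0;
        arena[i].next = safe_link_protect((uintptr_t)&arena[i].next, next);
    }
}

/* Walk the list the way tcache_get() does: reveal each pointer and refuse one
 * that is not 16-byte aligned (glibc aborts with
 * "malloc(): unaligned tcache chunk detected"). Returns the number of chunks
 * reached, or -1 when the alignment check fires. */
static int walk_list(void)
{
    int count = 0;
    for (chunk_t *e = &arena[0]; e != NULL; count++) {
        uintptr_t next = safe_link_reveal((uintptr_t)&e->next, e->next);
        if (next & 0xf)
            return -1;
        e = (chunk_t *)next;
    }
    return count;
}

/* What the mitigation buys: a next field overwritten with a raw, unmangled
 * address (the write this protection was introduced to catch) no longer
 * decodes to that address. Returns 1 if the raw write would be honoured. */
static int raw_overwrite_is_honoured(void)
{
    uintptr_t target = (uintptr_t)&arena[2];
    arena[0].next = target;   /* raw write into the link field */
    uintptr_t revealed = safe_link_reveal((uintptr_t)&arena[0].next, arena[0].next);
    return revealed == target;
}

int main(void)
{
    build_list();
    printf("chunks reachable through mangled links: %d\n", walk_list());
    printf("terminating NULL stored as 0x%lx\n", (unsigned long)arena[NCHUNKS - 1].next);
    printf("raw pointer overwrite honoured: %d\n", raw_overwrite_is_honoured());
    uintptr_t secret = 0x9e3779b97f4a7c15ULL;   /* constructed stand-in for s->random */
    uintptr_t slot = (uintptr_t)&arena[1], obj = (uintptr_t)&arena[3];
    printf("SLUB round trip ok: %d\n",
           slub_freelist_reveal(secret, slot, slub_freelist_protect(secret, slot, obj)) == obj);
    return 0;
}
```

Build with `cc -std=c99 safelink.c` and run. The point to take away is where the two schemes differ: glibc's key is derived from the storing address alone (the page-offset bits), so it needs no extra state but is not a secret, whereas SLUB mixes in a per-cache random value on top of the slot address. They "work the same" in mechanism, not in strength.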
It'd be nice to see some write-ups on SLUB / SLAB exploitation.
It should be relatively easy to rip out the allocator and turn it into a user-space library a la LD_PRELOAD.