Chapter 11. Bypassing Protections with ROP
When I'm in conversations with friends and family about airport security, a quip I often hear is, "Maybe we should just ban the passengers." Though this is obviously facetious, let's think about it for a moment—no matter what we do to screen everyone walking onto an airplane, we have to allow at least some people through the gates—particularly, the pilots. There's a clear divide between the malicious outsider with no good intention and the trusted insider who, by virtue of his or her role, must be given the necessary access to get some work done. Let's think of the malicious outsiders trying to get on the plane with all kinds of nasty stuff as shellcode, and the trusted pilot who runs the show as the legitimate native binary. With perfect security screening guaranteeing that no malicious individual can walk onto a plane, you will still have to trust that the pilot isn't corrupted by an outside influence; his or her power being leveraged to execute...