Heap feng shui

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

In computer security, heap feng shui is a technique used in exploits to facilitate arbitrary code execution.[1] The technique attempts to manipulate the layout of the heap by making heap allocations of carefully selected sizes. It is named after feng shui, an ancient Chinese system of aesthetics that involves the selection of precise alignments in space.

Operation[edit]

The term is general and can be used to describe a variety of techniques for bypassing heap protection strategies. The paper often credited with naming the technique, "Heap Feng Shui in JavaScript",[2] used it to refer to an exploit in which a dangling pointer was aligned with a portion of an attacker-controlled chunk. However, it has also found usage in capture the flag events to describe attacks that exploit characteristics of heap layout, such as the spacing between chunks.[3]

See also[edit]

References[edit]

  1. ^ "Heaps and Bounds". Trend Micro. September 3, 2007. Retrieved 2009-08-10. 
  2. ^ "Flip Feng Shui". VUSec. Vrije Universiteit Amsterdam. Retrieved 19 June 2018. 
  3. ^ Keith, Bruno. "Baby Feng Shui". Retrieved 19 June 2018. 

External links[edit]