Sigreturn-oriented programming
Arbitrary code execution exploit / From Wikipedia, the free encyclopedia
Dear Wikiwand AI, let's keep it short by simply answering these key questions:
Can you list the top facts and stats about Sigreturn-oriented programming?
Summarize this article for a 10 year old
Sigreturn-oriented programming (SROP) is a computer security exploit technique that allows an attacker to execute code in presence of security measures such as non-executable memory and code signing.[1] It was presented for the first time at the 35th IEEE Symposium on Security and Privacy in 2014 where it won the best student paper award.[2] This technique employs the same basic assumptions behind the return-oriented programming (ROP) technique: an attacker controlling the call stack, for example through a stack buffer overflow, is able to influence the control flow of the program through simple instruction sequences called gadgets. The attack works by pushing a forged sigcontext structure[3] on the call stack, overwriting the original return address with the location of a gadget that allows the attacker to call the sigreturn[4] system call.[5] Often just a single gadget is needed to successfully put this attack into effect. This gadget may reside at a fixed location, making this attack simple and effective, with a setup generally simpler and more portable than the one needed by the plain return-oriented programming technique.[1]
Sigreturn-oriented programming can be considered a weird machine since it allows code execution outside the original specification of the program.[1]