Issue 51: Direction Flag Sandbox Bypass
Status:  Fixed
Owner:  b...@google.com
Closed:  Apr 2009
Security-Contest
Reported by mark.dowd, Mar 12, 2009
NaCl applications are able to set the direction flag in the EFLAGS register
(using std), causing movs and scan instructions to operate in reverse
rather than going forward in memory. Since the EFLAGS register is preserved
across "system calls", an attacker may set the direction flag and then
request a service from the NaCl runtime and cause memory corruption.
Attachment: direction.zip (266 KB)
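As an added example, not code from this issue or from Native Client: a toy runtime service entry in C showing the fix the report implies, forcing DF back to the forward state with `cld` at entry and counting callers that arrive with it set. It assumes x86/x86-64 with GCC or Clang inline assembly; the function names and the 32-byte arena are constructed for the demonstration.

```c
/* Added example (not Native Client's code): why a trusted runtime must reset the
 * x86 direction flag at its service entry point instead of inheriting the
 * caller's EFLAGS. Assumes x86/x86-64 with GCC or Clang inline assembly. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EFLAGS_DF (1u << 10)
static unsigned abi_violations;          /* calls that arrived with DF set */

static unsigned long read_flags(void) {
    unsigned long f;
    __asm__ __volatile__("pushf\n\tpop %0" : "=r"(f) : : "memory");
    return f;
}
/* The untrusted side leaves DF set, as a sandboxed module could with `std`. */
static void untrusted_set_df(void) { __asm__ __volatile__("std" ::: "memory"); }

/* A runtime service written as `rep movsb`: with DF set it walks backwards. */
static void service_copy(void *dst, const void *src, size_t n) {
    __asm__ __volatile__("rep movsb" : "+D"(dst), "+S"(src), "+c"(n) : : "memory");
}
/* Vulnerable entry: trusts whatever EFLAGS the caller left behind. */
static void vulnerable_entry(void *dst, const void *src, size_t n) {
    service_copy(dst, src, n);
}
/* Hardened entry: record the ABI violation, then force DF to forward. */
static void hardened_entry(void *dst, const void *src, size_t n) {
    if (read_flags() & EFLAGS_DF) abi_violations++;
    __asm__ __volatile__("cld" ::: "memory");
    service_copy(dst, src, n);
}
/* Copies 4 bytes into the middle of a 32-byte arena after the "caller" set DF
 * and returns the arena so the result shows where the bytes landed. Both
 * pointers sit mid-buffer so a backwards walk stays inside our own memory. */
static const char *run_with_df_set(int hardened) {
    static const char pattern[] = "0123456789abcdef";   /* constructed input */
    static char arena[33];
    memset(arena, '.', 32); arena[32] = '\0';
    untrusted_set_df();
    if (hardened) hardened_entry(arena + 16, pattern + 8, 4);
    else          vulnerable_entry(arena + 16, pattern + 8, 4);
    __asm__ __volatile__("cld" ::: "memory");   /* restore ABI state before libc */
    return arena;
}
int main(void) {
    printf("vulnerable: %s\n", run_with_df_set(0));  /* "5678" lands below dst */
    printf("hardened:   %s\n", run_with_df_set(1));  /* "89ab" lands at dst */
    return 0;
}
```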
Comment 1 by mark.dowd, Mar 12, 2009
Team name should be "Beached As"
Comment 2 by nativeclient.admin, Mar 12, 2009
(No comment was entered for this change.)
Owner: b...@google.com
Comment 3 by b...@google.com, Mar 13, 2009
Issue on Windows only.
Comment 4 by bradc...@google.com, Mar 19, 2009
(No comment was entered for this change.)
Status: Accepted
Comment 5 by nativeclient.admin, Apr 10, 2009
Fix released in build 57.
Status: Fixed