|
|
|
|
|
|
by woodruffw
2259 days ago
|
|
|
I do research in this space professionally. The answer is not always, but sometimes: discovering unintended states or transitions in the execution contract of a program is a common building block for exploits. However, proving that the execution contract of a program can be coerced into representing computations in a TC language doesn't necessarily prove that you can do anything interesting. Complex formats like PDF are a good example of this: you can probably contrive a PDF input such that the parser's state represents a minimal (and TC) language while interpreting it (e.g. a language with a few mathematical operators and a "store" primitive), but that doesn't magically get you network access or arbitrary memory read/writes. You need to show that said language, when programmed in, can affect the overall execution contract in a way that violates high-level assumptions. Some resources (FD: my company's) on the subject: * https://blog.trailofbits.com/2019/11/01/two-new-tools-that-t... * https://blog.trailofbits.com/2018/10/26/the-good-the-bad-and... |
|
|