jemalloc is a userland memory allocator that is being increasingly adopted by software projects as a high-performance heap manager. It is used in Mozilla Firefox on the Windows, Mac OS X and Linux platforms, and as the default system allocator on the FreeBSD and NetBSD operating systems. Facebook also uses jemalloc in various components to handle the load of its web services. However, despite such widespread use, there is no work on the exploitation of jemalloc.
Our research addresses this. We will begin by examining the architecture of the jemalloc heap manager and its internal concepts, focusing on identifying possible attack vectors. jemalloc does not utilize concepts such as 'unlinking' or 'frontlinking' that have been used extensively in the past to undermine the security of other allocators. Therefore, we will develop novel exploitation approaches and primitives that can be used to attack jemalloc heap corruption vulnerabilities. As a case study, we will investigate Mozilla Firefox and demonstrate the impact of our developed exploitation primitives on the browser's heap. To aid researchers who want to continue our work, we will also release our jemalloc debugging tool belt.
Patroklos Argyroudis is a computer security researcher at Census Inc, a company that builds on strong research foundations to offer specialized IT security services to customers worldwide. Patroklos holds a PhD in Computer Security from the University of Dublin, Trinity College, where he has also worked as a postdoctoral researcher on applied cryptography. His current focus is on vulnerability research, exploit development, reverse engineering, source code auditing and malware analysis. Patroklos has presented research at several international security conferences on topics such as kernel exploitation, kernel mitigation technologies, and electronic payments.
Chariton is an undergraduate student at the engineering school and works as an intern at Census Inc. His research interests include compilers, static analysis, reverse engineering and source code auditing. He enjoys spending his free time studying maths and coding stuff.