A binary search is not a very interesting topic, as it is a well-known and fairly simple algorithm. However, I have encountered an interesting variant of it lately – one that I would like to share.
The Linux kernel defines one jiffy as the period of time between two consecutive system timer interrupts, and keeps a “jiffies” counter. Given jiffies, the next handy parameter is the number of delay-loop iterations that the CPU can fit in a single jiffy. With this number at hand (and a known timer frequency), the kernel is able to support fine-grained execution delays, for instance. How would you implement the computation of said “loops_per_jiffy” parameter?
Continue reading Bitwise binary search
Linux (through its dynamic linker) offers a mechanism for loading a predefined shared library before any other library is loaded. This feature can be used to override certain functions in other shared libraries (for instance, to provide a different malloc implementation), or more generally, to get your own code to execute in the context of a different process. There are, of course, some security restrictions in place to prevent preloading your own code into setuid programs and the like. In this post we shall present a use of this feature which produces quite a frustrating prank.
Continue reading Preloading a segfault