The Scudo allocator is a memory allocator designed primarily for C/C++. Developed as part of the LLVM project, it has gained popularity as an alternative to allocators like ptmalloc2, most prominently as Android's default allocator since Android 11. Scudo aims to provide efficient memory allocation and deallocation whilst mitigating common heap vulnerabilities such as heap buffer overflows, use-after-frees, and double frees. As the risk associated with these vulnerabilities continues to rise, Scudo is primed to become an increasingly prominent choice for developers.
This talk will cover a high-level overview of the current, as well as completely new, exploitation techniques related to the scudo allocator. We will run through the inner workings of the allocator, looking at security-based design choices such as quarantine regions, randomized allocation, red-zone regions, and hardened headers. Then, we'll review the existing research for exploiting the allocator, before demonstrating completely new techniques that expand what scenarios are possible to exploit. Attendees will gain a proper understanding of the motivations behind scudo's design choices, and the go-to techniques for exploiting the allocator.
Zac Ecob
Second year computer science student @ UNSW. Binary nerd. Occasionally play CTFs for teams like Blitzkreig and Water Paddler. Have previously talked at conferences such as Bsides Sydney and Scones, mainly revolving around kernel exploitation.