Created
June 10, 2013 23:26
-
-
Save stephenR/5753362 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| \begin{tikzpicture}[% | |
| >=triangle 60, % Nice arrows; your taste may be different | |
| start chain=going below, % General flow is top-to-bottom | |
| node distance=9mm and 45mm, % Global setup of box spacing | |
| every join/.style={norm}, % Default linetype for connecting boxes | |
| ] | |
| % ------------------------------------------------- | |
| % A few box styles | |
| % <on chain> *and* <on grid> reduce the need for manual relative | |
| % positioning of nodes | |
| \tikzset{ | |
| base/.style={draw, on chain, on grid, align=center, minimum height=4ex}, | |
| proc/.style={base, rectangle, text width=8em}, | |
| test/.style={base, diamond, aspect=2, text width=6em}, | |
| term/.style={proc, rounded corners}, | |
| % coord node style is used for placing corners of connecting lines | |
| coord/.style={coordinate, on chain, on grid, node distance=9mm and 25mm}, | |
| spacer/.style={coordinate, on chain, on grid}, | |
| % nmark node style is used for coordinate debugging marks | |
| nmark/.style={draw, cyan, circle, font={\sffamily\bfseries}}, | |
| % ------------------------------------------------- | |
| % Connector line styles for different parts of the diagram | |
| norm/.style={->, draw}, | |
| it/.style={font={\small\itshape}} | |
| } | |
| \node [test] (vulntype) {Vulnerability Type}; | |
| \node [spacer, left=of vulntype] (c1) {}; \cmark{1}; | |
| \node [test] (ssp) {SSP}; | |
| \node [term] (info1) {Information Disclosure}; | |
| \node [term, join] (overwrite) {Overwrite Saved Return Address}; | |
| \node [term, right=of overwrite] (got) {Overwrite Entry in GOT}; | |
| \node [spacer, right=of vulntype] (c2) {}; \cmark{2}; | |
| \node [test] (pie) {ASLR \& PIE}; | |
| %\node [spacer, right=of info1] (c4) {}; \cmark{4}; | |
| \node [term] (info2) {Information Disclosure}; | |
| \node [test, right=of got] (relro) {RELRO}; | |
| \node [term] (fini) {Overwrite Global Function Pointer or .dtors Section Entry}; | |
| \node [term, left=of fini] (final) {Control over Instruction Pointer}; | |
| \node [spacer, left=of final] (c3) {}; \cmark{3}; | |
| \node [coord, left=of info1] (c4) {}; \cmark{4}; | |
| \node [coord, right=of info2] (c5) {}; \cmark{5}; | |
| \path (ssp.south) to node [near start, xshift=1em] {$y$} (info1); | |
| \draw [->] (ssp.south) -- (info1); | |
| \path (pie.south) to node [near start, xshift=1em] {$y$} (info2); | |
| \draw [->] (pie.south) -- (info2); | |
| \path (relro.south) to node [near start, xshift=1em] {$y$} (fini); | |
| \draw [->] (relro.south) -- (fini); | |
| \path (relro.west) to node [near start, yshift=1em] {$n$} (got); | |
| \draw [->] (relro.west) -- (got); | |
| \draw [->] (info2.south) -- (relro); | |
| \draw [->] (fini.west) -- (final); | |
| \draw [->] (got.south) -- (final); | |
| \path (vulntype.west) to node [xshift=-2em, yshift=1em] {Linear Stack Overwrite} (c1); | |
| \draw [->] (vulntype.west) -- (c1) -- (ssp); | |
| \path (vulntype.east) to node [xshift=2em, yshift=1em] {Arbitrary Overwrite} (c2); | |
| \draw [->] (vulntype.east) -- (c2) -- (pie); | |
| \path (ssp.west) to node [yshift=2em,xshift=0.5em] {$n$} (c4); | |
| \draw [->] (ssp.west) -| (c4) |- (overwrite); | |
| \draw [->] (overwrite.south) -- (c3) -- (final); | |
| \path (pie.east) to node [yshift=2em,xshift=-0.5em] {$n$} (c5); | |
| \draw [->] (pie.east) -| (c5) |- (relro); | |
| \end{tikzpicture} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment