Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 17 Nov 2015 17:11:39 -0500
From: Rich Felker <dalias@...c.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Fwd: x86 ROP mitigation

On Tue, Nov 17, 2015 at 01:52:07PM -0500, Daniel Micay wrote:
> Is that really the right approach vs. preventing hijacking of flow
> control via return pointers and function pointers? It doesn't really
> seem like there's an end game in mind where it actually prevents ROP
> rather than just removing many useful gadgets. Making useful ROP gadgets
> harder to find doesn't mean much, since tools are used to find them and
> the tools can be improved if it becomes necessary.
> 
> i.e. why not just go with something like PaX's RAP

My understanding is that it's not ABI-compatible with non-RAP code, so
you'd essentially be going with a whole new ABI. If so, this is going
to be completely impractical for most users. Am I mistaken?

Rich

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ