Date: Tue, 17 Nov 2015 18:39:51 +0300
From: Solar Designer <solar@...nwall.com>
To: Bernd Schmidt <bernds_cb1@...nline.de>
Cc: oss-security@...ts.openwall.com
Subject: x86 ROP mitigation

Bernd, all -

A few days ago, Bernd Schmidt posted this gcc patch:

https://gcc.gnu.org/ml/gcc-patches/2015-11/msg01773.html

"This adds a new -mmitigate-rop option to the i386 port. The idea is to
mitigate against certain forms of attack called "return oriented
programming" that some of our security folks are concerned about. [...]

This patch is a small step towards preventing this kind of attack. I
have a few more steps queued (not quite ready for stage 1), but
additional work will be necessary to give reasonable protection."

This was followed with a few tweets:

TTYtter> /th zz7
zz0> (x13) <RichFelker> #gcc i386 ROP mitigation https://gcc.gnu.org/ml/gcc-patches/2015-11/msg01773.html
zz1> <@solardiz> @RichFelker This is ridiculous as it is, but I'll defer judgement until I see further steps that Bernd has queued
zz2> <@RichFelker> @solardiz I have concerns about the deg to which is possible, but doesn't just reducing the freq of these bytes reduce chance of exploit?
zz3> <@solardiz> @RichFelker I think this patch alone doesn't help at all. It might break some pre-existing exploits, but so would many non-security options.
zz4> <@stevecheckoway> @solardiz @RichFelker I agree. This doesn't seem useful. ROP using only intended instructions works just fine (as does ROP without returns).
zz5> <@joshbressers> @stevecheckoway @solardiz @RichFelker I'm certainly not smart enough to help with this, but we should work together, don't just complain.
zz6> <@solardiz> @joshbressers @stevecheckoway @RichFelker I think one of us should ask Bernd to outline his plan and let the community comment on it
zz7> <@joshbressers> @solardiz @stevecheckoway @RichFelker You need to engage about this on oss-security. There is a plan, that patch is step 1.

Bernd, I'd appreciate it if you describe your plan in a reply to this
e-mail. Please keep oss-security CC'ed.

Thank you for your work!

Alexander