Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 17 Nov 2015 18:39:51 +0300
From: Solar Designer <solar@...nwall.com>
To: Bernd Schmidt <bernds_cb1@...nline.de>
Cc: oss-security@...ts.openwall.com
Subject: x86 ROP mitigation

Bernd, all -

A few days ago, Bernd Schmidt posted this gcc patch:

https://gcc.gnu.org/ml/gcc-patches/2015-11/msg01773.html

"This adds a new -mmitigate-rop option to the i386 port. The idea is to
mitigate against certain forms of attack called "return oriented
programming" that some of our security folks are concerned about.
[...]
This patch is a small step towards preventing this kind of attack.
I have a few more steps queued (not quite ready for stage 1), but
additional work will be necessary to give reasonable protection."

This was followed with a few tweets:

TTYtter> /th zz7
zz0> (x13) <RichFelker> #gcc i386 ROP mitigation https://gcc.gnu.org/ml/gcc-patches/2015-11/msg01773.html
zz1> <@solardiz> @RichFelker This is ridiculous as it is, but I'll defer judgement until I see further steps that Bernd has queued
zz2> <@RichFelker> @solardiz I have concerns about the deg to which is possible, but doesn't just reducing the freq of these bytes reduce chance of exploit?
zz3> <@solardiz> @RichFelker I think this patch alone doesn't help at all. It might break some pre-existing exploits, but so would many non-security options.
zz4> <@stevecheckoway> @solardiz @RichFelker I agree. This doesn't seem useful. ROP using only intended instructions works just fine (as does ROP without returns).
zz5> <@joshbressers> @stevecheckoway @solardiz @RichFelker I'm certainly not smart enough to help with this, but we should work together, don't just complain.
zz6> <@solardiz> @joshbressers @stevecheckoway @RichFelker I think one of us should ask Bernd to outline his plan and let the community comment on it
zz7> <@joshbressers> @solardiz @stevecheckoway @RichFelker You need to engage about this on oss-security. There is a plan, that patch is step 1.

Bernd, I'd appreciate it if you describe your plan in a reply to this
e-mail.  Please keep oss-security CC'ed.

Thank you for your work!

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.