Date: Tue, 17 Nov 2015 18:39:51 +0300
From: Solar Designer <solar@...nwall.com>
To: Bernd Schmidt <bernds_cb1@...nline.de>
Cc: oss-security@...ts.openwall.com
Subject: x86 ROP mitigation

Bernd, all -

A few days ago, Bernd Schmidt posted this gcc patch:

https://gcc.gnu.org/ml/gcc-patches/2015-11/msg01773.html

"This adds a new -mmitigate-rop option to the i386 port. The idea is to
mitigate against certain forms of attack called "return oriented
programming" that some of our security folks are concerned about.
[...]
This patch is a small step towards preventing this kind of attack.
I have a few more steps queued (not quite ready for stage 1), but
additional work will be necessary to give reasonable protection."

This was followed with a few tweets:

TTYtter> /th zz7
zz0> (x13) <RichFelker> #gcc i386 ROP mitigation https://gcc.gnu.org/ml/gcc-patches/2015-11/msg01773.html
zz1> <@...ardiz> @RichFelker This is ridiculous as it is, but I'll defer judgement until I see further steps that Bernd has queued
zz2> <@...hFelker> @solardiz I have concerns about the deg to which is possible, but doesn't just reducing the freq of these bytes reduce chance of exploit?
zz3> <@...ardiz> @RichFelker I think this patch alone doesn't help at all. It might break some pre-existing exploits, but so would many non-security options.
zz4> <@...vecheckoway> @solardiz @RichFelker I agree. This doesn't seem useful. ROP using only intended instructions works just fine (as does ROP without returns).
zz5> <@...hbressers> @stevecheckoway @solardiz @RichFelker I'm certainly not smart enough to help with this, but we should work together, don't just complain.
zz6> <@...ardiz> @joshbressers @stevecheckoway @RichFelker I think one of us should ask Bernd to outline his plan and let the community comment on it
zz7> <@...hbressers> @solardiz @stevecheckoway @RichFelker You need to engage about this on oss-security. There is a plan, that patch is step 1.

Bernd, I'd appreciate it if you describe your plan in a reply to this
e-mail.  Please keep oss-security CC'ed.

Thank you for your work!

Alexander
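The disagreement in the tweets above is about what counts: the patch description talks about reducing the number of bytes that decode as `ret` (0xC3 on x86), while the replies point out that the `ret` a compiler emits on purpose at the end of every function is untouched by such a rewrite. The following Python script is an added illustration of that distinction, written for this post; it is not code from Bernd's patch, from gcc or from anyone in the thread. It classifies every 0xC3 byte in a small, constructed 32-bit x86 code sequence as either intended (sitting at an instruction boundary) or unintended (inside an immediate or ModRM byte of some other instruction), using a toy length decoder that only covers the handful of opcodes in the sample. The second sample is a hand-made re-encoding of the first with the same effect on the registers; it is only an assumption about the kind of encoding choice a compiler could make, not a description of what `-mmitigate-rop` actually does.

```python
"""Classify 0xC3 (x86 `ret`) bytes in a code blob as intended or unintended.

Constructed example for the oss-security thread on -mmitigate-rop. The
length decoder below handles only the opcodes used in the two samples;
it is NOT a real x86 disassembler and raises on anything else.
"""

RET = 0xC3


def insn_length(code: bytes, i: int) -> int:
    """Length of the 32-bit x86 instruction at offset i (decoder subset only)."""
    op = code[i]
    if op in (0x90, RET) or 0x50 <= op <= 0x5F:      # nop, ret, push/pop r32
        return 1
    if 0xB8 <= op <= 0xBF or op == 0x05:               # mov r32,imm32 / add eax,imm32
        return 5
    if op in (0x01, 0x31, 0x89, 0x33, 0x8B):           # add/xor/mov with a ModRM byte
        modrm = code[i + 1]
        if modrm >> 6 != 0b11:                         # only register-to-register forms
            raise ValueError(f"memory operand at {i:#x} is outside the decoder subset")
        return 2
    raise ValueError(f"opcode {op:#04x} at {i:#x} is outside the decoder subset")


def classify_ret_bytes(code: bytes):
    """Return (intended, unintended): offsets of 0xC3 bytes on and off instruction boundaries."""
    boundaries = set()
    i = 0
    while i < len(code):
        boundaries.add(i)
        i += insn_length(code, i)
    intended = [off for off, b in enumerate(code) if b == RET and off in boundaries]
    unintended = [off for off, b in enumerate(code) if b == RET and off not in boundaries]
    return intended, unintended


# Constructed function body: one real `ret`, plus three 0xC3 bytes that are
# merely part of other instructions' encodings.
SAMPLE = bytes([
    0x53,                          # push ebx
    0xB8, 0xC3, 0x00, 0x00, 0x00,  # mov eax, 0xc3   (0xC3 inside the immediate)
    0x31, 0xC3,                    # xor ebx, eax    (0xC3 is the ModRM byte)
    0x89, 0xC3,                    # mov ebx, eax    (another 0xC3 ModRM byte)
    0x5B,                          # pop ebx
    0xC3,                          # ret             (the intended one)
])

# Same register results (flags aside), re-encoded by hand to avoid 0xC3 bytes
# inside instructions. This is an assumed, constructed rewrite, not the gcc
# patch's transformation; it only shows what such a rewrite can and cannot change.
SAMPLE_REENCODED = bytes([
    0x53,                          # push ebx
    0xB8, 0xC2, 0x00, 0x00, 0x00,  # mov eax, 0xc2
    0x05, 0x01, 0x00, 0x00, 0x00,  # add eax, 1      -> eax == 0xc3 without a 0xC3 byte
    0x33, 0xD8,                    # xor ebx, eax    (0x33 form: reg=ebx, r/m=eax)
    0x8B, 0xD8,                    # mov ebx, eax    (0x8B form, ModRM 0xD8)
    0x5B,                          # pop ebx
    0xC3,                          # ret             (still present, still intended)
])


def mitigation_effect(before: bytes, after: bytes) -> dict:
    """Summarise how a re-encoding changed the two classes of ret bytes."""
    b_int, b_unint = classify_ret_bytes(before)
    a_int, a_unint = classify_ret_bytes(after)
    return {
        "intended_before": len(b_int), "intended_after": len(a_int),
        "unintended_before": len(b_unint), "unintended_after": len(a_unint),
    }


if __name__ == "__main__":
    for name, blob in (("original", SAMPLE), ("re-encoded", SAMPLE_REENCODED)):
        intended, unintended = classify_ret_bytes(blob)
        print(f"{name:11}: intended ret at {intended}, unintended 0xC3 at {unintended}")
    print(mitigation_effect(SAMPLE, SAMPLE_REENCODED))
```

Run as-is, the script reports three unintended 0xC3 bytes in the first sample and none in the second, while the intended `ret` count stays at one in both. That is the measurable shape of the argument in the thread: a rewrite of this kind can only ever drive the unintended count down, and a practitioner evaluating such an option should track the two numbers separately rather than the raw byte frequency.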
