Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 18 Nov 2015 05:10:08 +0300
From: Solar Designer <solar@...nwall.com>
To: Jeff Law <law@...hat.com>
Cc: Bernd Schmidt <bschmidt@...hat.com>, oss-security@...ts.openwall.com,
	Florian Weimer <fweimer@...hat.com>
Subject: Re: Fwd: x86 ROP mitigation

On Tue, Nov 17, 2015 at 10:34:46AM -0700, Jeff Law wrote:
> I don't think anyone believes this stuff will make a significant 
> difference *at this stage*.  Thus, we aren't planning announcements or 
> any promotion of the work.
> 
> The obvious idea is to keep knocking off sources of ROP gadgets, 
> hopefully reaching a point where ROP gadgets are reasonably hard to find 
> & exploit in GCC generated code at some point in the future.
> 
> As each bundle of work reaches completion, it will be submitted to the 
> appropriate project (GCC & binutils).  There's no value in holding back 
> any particular mitigation technique.  They'll just keep dropping as 
> they're completed.

This approach makes sense to me, but I think we should have a better
idea of whether and how "a point where ROP gadgets are reasonably hard
to find & exploit" is potentially reachable.  If it is not even
potentially reachable, then this undermines the effort, unfortunately.

Also, "hard" might be a wrong goal.  More important is making attacks
less reliable or/and less generic, such as through forcing them to be
more complex or/and to rely on more aspects of the target system.

Overall, this might be a worthwhile effort - it's just that I'd like to
see a more convincing potential plan early on, even if the individual
mitigations would be getting upstreamed one by one (as they should be).

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ