Date: Tue, 17 Nov 2015 18:39:51 +0300 From: Solar Designer <solar@...nwall.com> To: Bernd Schmidt <bernds_cb1@...nline.de> Cc: oss-security@...ts.openwall.com Subject: x86 ROP mitigation Bernd, all - A few days ago, Bernd Schmidt posted this gcc patch: https://gcc.gnu.org/ml/gcc-patches/2015-11/msg01773.html "This adds a new -mmitigate-rop option to the i386 port. The idea is to mitigate against certain forms of attack called "return oriented programming" that some of our security folks are concerned about. [...] This patch is a small step towards preventing this kind of attack. I have a few more steps queued (not quite ready for stage 1), but additional work will be necessary to give reasonable protection." This was followed with a few tweets: TTYtter> /th zz7 zz0> (x13) <RichFelker> #gcc i386 ROP mitigation https://gcc.gnu.org/ml/gcc-patches/2015-11/msg01773.html zz1> <@solardiz> @RichFelker This is ridiculous as it is, but I'll defer judgement until I see further steps that Bernd has queued zz2> <@RichFelker> @solardiz I have concerns about the deg to which is possible, but doesn't just reducing the freq of these bytes reduce chance of exploit? zz3> <@solardiz> @RichFelker I think this patch alone doesn't help at all. It might break some pre-existing exploits, but so would many non-security options. zz4> <@stevecheckoway> @solardiz @RichFelker I agree. This doesn't seem useful. ROP using only intended instructions works just fine (as does ROP without returns). zz5> <@joshbressers> @stevecheckoway @solardiz @RichFelker I'm certainly not smart enough to help with this, but we should work together, don't just complain. zz6> <@solardiz> @joshbressers @stevecheckoway @RichFelker I think one of us should ask Bernd to outline his plan and let the community comment on it zz7> <@joshbressers> @solardiz @stevecheckoway @RichFelker You need to engage about this on oss-security. There is a plan, that patch is step 1. Bernd, I'd appreciate it if you describe your plan in a reply to this e-mail. Please keep oss-security CC'ed. Thank you for your work! Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.