Date: Wed, 18 Nov 2015 13:06:56 +0100
From: Bernd Schmidt <>
To: Solar Designer <>
Cc:, Jeff Law <>,
        Florian Weimer <>
Subject: Re: Fwd: x86 ROP mitigation

On 11/18/2015 02:57 AM, Solar Designer wrote:
> I'd like more detail on the plan of dealing with function epilogues, if
> there is a plan for that.
> I'm not sure if this fits under:
>>    * Look into an idea Florian had for improving stack-protector
>>      epilogues.
> or if that's (more likely) something entirely different.

That was a detail we discussed internally. I'll need to look at it again 
but the idea was to make those kinds of epilogues less useful. Maybe 
Florian can comment.

There's also the contification thing (although now I've googled it I'm 
not sure that's really the right term). I currently envision this as 
follows: instead of using a call instruction, we push an index into a 
table of known return addresses and convert returns into essentially a 
switch. I think that can be made to work entirely inside the compiler 
for static functions (LTO might help to enlarge the scope). I could also 
imagine a more involved approach involving linker trickery.
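
A source-level model of the call/return rewrite described in the message above, added here as an illustration; it is not code from the author or from GCC. The names `run`, `square`, `ret_slot`, `corrupt` and the site indices are constructed for the example, and the transformation is modelled with `goto` and `switch` inside one C function rather than at the instruction level.

```c
#include <stdio.h>

/* Constructed model: the only legal return sites for the helper. */
enum ret_site { SITE_A = 0, SITE_B = 1 };

/* One function holding two "call sites" and the body of a static helper
 * (square). A call stores a small index and jumps to the helper; the
 * helper's return is a switch over that index. ret_slot stands in for the
 * stack slot that would otherwise hold a raw return address. A value >= 0
 * in corrupt simulates one overwrite of that slot before the second call. */
static int run(int x, int y, int corrupt)
{
    unsigned ret_slot;
    int arg, result = 0, a = 0, b = 0;

    arg = x; ret_slot = SITE_A;
    goto square;                        /* "call" from site A */
after_a:
    a = result;
    arg = y; ret_slot = SITE_B;
    if (corrupt >= 0) {                 /* simulated memory corruption */
        ret_slot = (unsigned)corrupt;
        corrupt = -1;                   /* one-shot */
    }
    goto square;                        /* "call" from site B */
after_b:
    b = result;
    return a + b;

square:
    result = arg * arg;
    switch (ret_slot) {                 /* "return": dispatch on the index */
    case SITE_A: goto after_a;
    case SITE_B: goto after_b;
    default:     return -1;             /* unknown index: refuse (a real build would trap) */
    }
}

int main(void)
{
    printf("intact slot:   %d\n", run(3, 4, -1));
    printf("slot set to 7: %d\n", run(3, 4, 7));
    printf("slot set to 0: %d\n", run(3, 4, 0));
    return 0;
}
```

The third case shows the limit of the scheme as modelled: a corrupted index can still select a different legitimate return site, so only targets outside the table are excluded.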

