Date: Wed, 18 Nov 2015 13:06:56 +0100
From: Bernd Schmidt <bschmidt@...hat.com>
To: Solar Designer <solar@...nwall.com>
Cc: oss-security@...ts.openwall.com, Jeff Law <law@...hat.com>, Florian Weimer <fweimer@...hat.com>
Subject: Re: Fwd: x86 ROP mitigation

On 11/18/2015 02:57 AM, Solar Designer wrote:
> I'd like more detail on the plan of dealing with function epilogues, if
> there is a plan for that.
>
> I'm not sure if this fits under:
>
>> * Look into an idea Florian had for improving stack-protector
>> epilogues.
>
> or if that's (more likely) something entirely different.

That was a detail we discussed internally. I'll need to look at it again
but the idea was to make those kinds of epilogues less useful. Maybe
Florian can comment.

There's also the contification thing (although now I've googled it I'm
not sure that's really the right term). I currently envision this as
follows: instead of using a call instruction, we push an index into a
table of known return addresses and convert returns into essentially a
switch. I think that can be made to work entirely inside the compiler
for static functions (LTO might help to enlarge the scope). I could also
imagine a more involved approach involving linker trickery.

Bernd
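The call-as-index, return-as-switch idea from the message above, as a source-level C model added here; it is not code from the post or from GCC. The names contified_sum, ret_site and corrupt_idx are hypothetical, and goto stands in for the jump a compiler would emit in place of call/ret.

```c
#include <stdio.h>

/* Hypothetical table of known return sites for the helper below. */
enum ret_site { SITE_A, SITE_B };

/*
 * Computes 3*x*x + 2*y*y. The shared "square" routine is entered with a
 * jump and left through a switch over ret_idx, so its return target is
 * always one of the listed sites or the trap in the default case.
 * corrupt_idx >= 0 models (assumption) a one-time overwrite of the index
 * saved for the second call; *trapped is set if the switch rejects it.
 */
int contified_sum(int x, int y, int corrupt_idx, int *trapped)
{
    int arg = 0, result = 0, ret_idx = SITE_A, acc = 0;
    *trapped = 0;

    arg = x; ret_idx = SITE_A;            /* "call square" from site A */
    goto square;
after_a:
    acc += 3 * result;

    arg = y; ret_idx = SITE_B;            /* "call square" from site B */
    if (corrupt_idx >= 0) { ret_idx = corrupt_idx; corrupt_idx = -1; }
    goto square;
after_b:
    acc += 2 * result;
    return acc;

square:
    result = arg * arg;
    switch (ret_idx) {                    /* the "return", as a switch */
    case SITE_A: goto after_a;
    case SITE_B: goto after_b;
    default:     *trapped = 1; return -1; /* not a known site: refuse */
    }
}

int main(void)
{
    int t, r;
    r = contified_sum(2, 3, -1, &t);     printf("clean: %d\n", r);
    r = contified_sum(2, 3, 7, &t);      printf("index 7: %d trapped=%d\n", r, t);
    r = contified_sum(2, 3, SITE_A, &t); printf("index 0: %d\n", r);
    return 0;
}
```

An overwritten index that is still valid (SITE_A on the second call) changes the result, but control only ever resumes at one of the known return sites.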