oss-sec mailing list archives
Re: Fwd: x86 ROP mitigation
From: Solar Designer <solar () openwall com>
Date: Wed, 18 Nov 2015 05:10:08 +0300
On Tue, Nov 17, 2015 at 10:34:46AM -0700, Jeff Law wrote:
I don't think anyone believes this stuff will make a significant difference *at this stage*. Thus, we aren't planning announcements or any promotion of the work. The obvious idea is to keep knocking off sources of ROP gadgets, hopefully reaching a point where ROP gadgets are reasonably hard to find & exploit in GCC generated code at some point in the future. As each bundle of work reaches completion, it will be submitted to the appropriate project (GCC & binutils). There's no value in holding back any particular mitigation technique. They'll just keep dropping as they're completed.
This approach makes sense to me, but I think we should have a better idea of whether and how "a point where ROP gadgets are reasonably hard to find & exploit" is potentially reachable. If it is not even potentially reachable, then this undermines the effort, unfortunately. Also, "hard" might be a wrong goal. More important is making attacks less reliable or/and less generic, such as through forcing them to be more complex or/and to rely on more aspects of the target system. Overall, this might be a worthwhile effort - it's just that I'd like to see a more convincing potential plan early on, even if the individual mitigations would be getting upstreamed one by one (as they should be). Thanks, Alexander
Current thread:
- x86 ROP mitigation Solar Designer (Nov 17)
- Message not available
- Re: Fwd: x86 ROP mitigation Bernd Schmidt (Nov 17)
- Re: Fwd: x86 ROP mitigation Jeff Law (Nov 17)
- Re: Re: Fwd: x86 ROP mitigation Daniel Micay (Nov 17)
- Re: Re: Fwd: x86 ROP mitigation Josh Bressers (Nov 17)
- Re: Re: Fwd: x86 ROP mitigation Daniel Micay (Nov 17)
- Re: Re: Fwd: x86 ROP mitigation Josh Bressers (Nov 17)
- Re: Re: Fwd: x86 ROP mitigation Daniel Micay (Nov 17)
- Re: Fwd: x86 ROP mitigation Bernd Schmidt (Nov 17)
- Message not available
- Re: Re: Fwd: x86 ROP mitigation Rich Felker (Nov 17)
- Re: Re: Fwd: x86 ROP mitigation Daniel Micay (Nov 17)
- Re: Fwd: x86 ROP mitigation Solar Designer (Nov 17)
- Re: Fwd: x86 ROP mitigation Florian Weimer (Nov 18)
- Data on Linux attacks (was Re: [oss-security] Re: Fwd: x86 ROP mitigation) Josh Bressers (Nov 18)
- Re: Data on Linux attacks (was Re: [oss-security] Re: Fwd: x86 ROP mitigation) Kurt Seifried (Nov 18)
- Re: Re: Fwd: x86 ROP mitigation Steve Grubb (Nov 18)
- Re: Re: Fwd: x86 ROP mitigation Fabio Pagani (Nov 18)
- Re: Fwd: x86 ROP mitigation Solar Designer (Nov 19)
- Re: Re: Fwd: x86 ROP mitigation Jonathan Salwan (Nov 19)
- Re: Fwd: x86 ROP mitigation Solar Designer (Nov 17)
- Re: Fwd: x86 ROP mitigation Bernd Schmidt (Nov 18)
- Re: Re: Fwd: x86 ROP mitigation Florian Weimer (Nov 18)