oss-sec mailing list archives
Re: Fwd: x86 ROP mitigation
From: Florian Weimer <fweimer () redhat com>
Date: Wed, 18 Nov 2015 11:51:23 +0100
On 11/18/2015 03:10 AM, Solar Designer wrote:
> This approach makes sense to me, but I think we should have a better idea of whether and how "a point where ROP gadgets are reasonably hard to find & exploit" is potentially reachable. If it is not even potentially reachable, then this undermines the effort, unfortunately.

This came up in other discussions as well. We even got to the point where someone ran a ROP gadget finding tool on a core library, which did not find any gadgets at all, and someone else found a useful one in a few minutes with objdump and no other tool support (and this did not even include jumping into the middle of instructions).

In the end, this boils down to lack of concrete goals. “Blinding ROP gadget finder X” is easy (just change the ELF format in such a way that it's no longer recognized by the tool), but probably not very useful if you want to improve security, for any useful definition of “security”.

We face the problem that I and my immediate colleagues (on the Red Hat tools team) do not have access to information about successful compromises, and what attackers actually do today, on GNU/Linux systems, both to achieve initial access and to maintain a presence afterwards. Under these conditions, anything we implement is, to some degree, arbitrary and a shot in the dark. We can still use our best judgment to set priorities, but we are very far from being guided by empirical evidence.

Florian