oss-sec mailing list archives
Re: Re: Fwd: x86 ROP mitigation
From: Daniel Micay <danielmicay () gmail com>
Date: Tue, 17 Nov 2015 14:09:32 -0500
Why not both? Security is about layers, this is a nice place for a new security layer.
It needs to provide something meaningful to be a layer. There is a performance and complexity budget too. Landing a security feature should involve explaining the threat model and the plan to fully address it. It can be a very narrow threat model, sure. SSP is an example of a feature with *very* narrow threat model and a very high performance cost for what it actually accomplishes and yet it's still quite useful (but it could be replaced with something much better). It's not going to be increasing the cost of exploit development if it only means a script ends up finding different gadgets instead. Maybe it leads to better tooling being developed if it's far enough along, but that's one person investing their time once, not every exploit taking more resources to develop. If it's incomplete, how is it a layer?
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- x86 ROP mitigation Solar Designer (Nov 17)
- Message not available
- Re: Fwd: x86 ROP mitigation Bernd Schmidt (Nov 17)
- Re: Fwd: x86 ROP mitigation Jeff Law (Nov 17)
- Re: Re: Fwd: x86 ROP mitigation Daniel Micay (Nov 17)
- Re: Re: Fwd: x86 ROP mitigation Josh Bressers (Nov 17)
- Re: Re: Fwd: x86 ROP mitigation Daniel Micay (Nov 17)
- Re: Re: Fwd: x86 ROP mitigation Josh Bressers (Nov 17)
- Re: Re: Fwd: x86 ROP mitigation Daniel Micay (Nov 17)
- Re: Fwd: x86 ROP mitigation Bernd Schmidt (Nov 17)
- Message not available
- Re: Re: Fwd: x86 ROP mitigation Rich Felker (Nov 17)
- Re: Re: Fwd: x86 ROP mitigation Daniel Micay (Nov 17)
- Re: Fwd: x86 ROP mitigation Solar Designer (Nov 17)
- Re: Fwd: x86 ROP mitigation Florian Weimer (Nov 18)
- Data on Linux attacks (was Re: [oss-security] Re: Fwd: x86 ROP mitigation) Josh Bressers (Nov 18)
- Re: Data on Linux attacks (was Re: [oss-security] Re: Fwd: x86 ROP mitigation) Kurt Seifried (Nov 18)
- Re: Re: Fwd: x86 ROP mitigation Steve Grubb (Nov 18)
- Re: Re: Fwd: x86 ROP mitigation Fabio Pagani (Nov 18)