oss-sec mailing list archives
Re: Fwd: x86 ROP mitigation
From: Bernd Schmidt <bschmidt () redhat com>
Date: Wed, 18 Nov 2015 13:06:56 +0100
On 11/18/2015 02:57 AM, Solar Designer wrote:
> I'd like more detail on the plan of dealing with function epilogues, if there is a plan for that. I'm not sure if this fits under:
>
> * Look into an idea Florian had for improving stack-protector epilogues.
>
> or if that's (more likely) something entirely different.
That was a detail we discussed internally. I'll need to look at it again but the idea was to make those kinds of epilogues less useful. Maybe Florian can comment.
There's also the contification thing (although now I've googled it I'm not sure that's really the right term). I currently envision this as follows: instead of using a call instruction, we push an index into a table of known return addresses and convert returns into essentially a switch. I think that can be made to work entirely inside the compiler for static functions (LTO might help to enlarge the scope). I could also imagine a more involved approach involving linker trickery.
Bernd
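A source-level sketch of the transformation described in the message above, added here as an illustration; it is not code from the thread or from GCC. A former static function with two known call sites is entered by saving a site index, and its return is a switch over those sites. The names `sum_of_squares`, `SITE_A`, `SITE_B` and the `corrupt_index` parameter (which simulates a one-time overwrite of the saved index) are hypothetical.

```c
#include <stdio.h>

/* Constructed illustration: the "callee" below has exactly two known call
   sites, so its return is a switch over a site index rather than an
   indirect jump through an address stored on the stack. */
enum { SITE_A = 0, SITE_B = 1 };

/* Returns a*a + b*b when the saved index is intact, -1 when the index is
   not a known site. corrupt_index >= 0 overwrites the saved index once. */
long sum_of_squares(long a, long b, int corrupt_index)
{
    int ret_index;            /* stands in for the pushed table index */
    long arg, result = 0, total = 0;

    /* call site A: "push index; jmp callee" replaces "call callee" */
    arg = a; ret_index = SITE_A;
    goto callee;
after_a:
    total += result;

    /* call site B */
    arg = b; ret_index = SITE_B;
    if (corrupt_index >= 0) {           /* simulate a memory overwrite */
        ret_index = corrupt_index;
        corrupt_index = -1;
    }
    goto callee;
after_b:
    total += result;
    return total;

callee:                       /* body of the former static function */
    result = arg * arg;
    switch (ret_index) {      /* "ret" becomes a switch over known sites */
    case SITE_A: goto after_a;
    case SITE_B: goto after_b;
    default:     return -1;   /* unknown index: no control transfer */
    }
}

int main(void)
{
    printf("intact index:       %ld\n", sum_of_squares(3, 4, -1));
    printf("out-of-range index: %ld\n", sum_of_squares(3, 4, 7));
    printf("in-range wrong idx: %ld\n", sum_of_squares(3, 4, SITE_A));
    return 0;
}
```

An overwritten index that is still in range sends control to another known return site of the same function, which gives a wrong result here but never an arbitrary address.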