oss-sec mailing list archives
Re: PoC: Function Pointer Protection in C Programs
From: Ondřej Bílka <neleai () seznam cz>
Date: Wed, 21 Aug 2013 18:26:03 +0200
On Wed, Aug 21, 2013 at 04:43:13PM +0200, Stephen Röttger wrote:
Hi everyone, I'd like to present you my master's thesis "Malicious Code Execution Prevention through Function Pointer Protection" [0] and its proof-of-concept implementation [1] for the gcc+glibc and would appreciate some feedback.
Performance: Though my PoC implementation is not free of bugs, I was able to compile an nginx webserver and have it serve static websites, which I used for a performance evaluation. On my test system, the number of requests per second that the nginx could was reduced to 96% compared to a nginx without the scheme. Handling of a single request included 71 function pointer calls in this case. (More details can be found in my thesis [0])
What is performance impact for program that just qsorts big array? It looks like worst case scenario for me. Well now when gcc-4.7 can resolve function pointers it is possible to create header to inline comparison but still.
Current thread:
- PoC: Function Pointer Protection in C Programs Stephen Röttger (Aug 21)
- Re: PoC: Function Pointer Protection in C Programs Alessandro Cresto Miseroglio (Aug 21)
- Re: PoC: Function Pointer Protection in C Programs Ondřej Bílka (Aug 21)
- Re: PoC: Function Pointer Protection in C Programs Stephen Röttger (Aug 21)
- Re: PoC: Function Pointer Protection in C Programs Ondřej Bílka (Aug 22)
- Re: PoC: Function Pointer Protection in C Programs Stephen Röttger (Aug 22)
- Re: PoC: Function Pointer Protection in C Programs Stephen Röttger (Aug 21)
- Re: PoC: Function Pointer Protection in C Programs Hannes Frederic Sowa (Aug 21)
- Re: PoC: Function Pointer Protection in C Programs Stephen Röttger (Aug 22)
- <Possible follow-ups>
- Re: PoC: Function Pointer Protection in C Programs Alessandro Cresto Miseroglio (Aug 21)
- Re: PoC: Function Pointer Protection in C Programs Stephen Röttger (Aug 21)
- Re: PoC: Function Pointer Protection in C Programs Alessandro Cresto Miseroglio (Aug 21)
- Re: PoC: Function Pointer Protection in C Programs Stephen Röttger (Aug 21)