Re: PoC: Function Pointer Protection in C Programs

[Ondřej Bílka <neleai () seznam cz>]

On Wed, Aug 21, 2013 at 04:43:13PM +0200, Stephen Röttger wrote:
> Hi everyone,
>
> I'd like to present you my master's thesis "Malicious Code Execution
> Prevention through Function Pointer Protection" [0] and its
> proof-of-concept implementation [1] for the gcc+glibc and would
> appreciate some feedback.

> Performance:
> Though my PoC implementation is not free of bugs, I was able to compile
> an nginx webserver and have it serve static websites, which I used for a
> performance evaluation. On my test system, the number of requests per
> second that the nginx could was reduced to 96% compared to a nginx
> without the scheme. Handling of a single request included 71 function
> pointer calls in this case. (More details can be found in my thesis [0])
What is performance impact for program that just qsorts big array? It
looks like worst case scenario for me.

Well now when gcc-4.7 can resolve function pointers it is possible to
create header to inline comparison but still.