oss-sec mailing list archives
x86 ROP mitigation
From: Solar Designer <solar () openwall com>
Date: Tue, 17 Nov 2015 18:39:51 +0300
Bernd, all -

A few days ago, Bernd Schmidt posted this gcc patch:

https://gcc.gnu.org/ml/gcc-patches/2015-11/msg01773.html

"This adds a new -mmitigate-rop option to the i386 port. The idea is to mitigate against certain forms of attack called "return oriented programming" that some of our security folks are concerned about. [...]

This patch is a small step towards preventing this kind of attack. I have a few more steps queued (not quite ready for stage 1), but additional work will be necessary to give reasonable protection."

This was followed with a few tweets:

TTYtter> /th zz7
zz0> (x13) <RichFelker> #gcc i386 ROP mitigation https://gcc.gnu.org/ml/gcc-patches/2015-11/msg01773.html
zz1> <@solardiz> @RichFelker This is ridiculous as it is, but I'll defer judgement until I see further steps that Bernd has queued
zz2> <@RichFelker> @solardiz I have concerns about the deg to which is possible, but doesn't just reducing the freq of these bytes reduce chance of exploit?
zz3> <@solardiz> @RichFelker I think this patch alone doesn't help at all. It might break some pre-existing exploits, but so would many non-security options.
zz4> <@stevecheckoway> @solardiz @RichFelker I agree. This doesn't seem useful. ROP using only intended instructions works just fine (as does ROP without returns).
zz5> <@joshbressers> @stevecheckoway @solardiz @RichFelker I'm certainly not smart enough to help with this, but we should work together, don't just complain.
zz6> <@solardiz> @joshbressers @stevecheckoway @RichFelker I think one of us should ask Bernd to outline his plan and let the community comment on it
zz7> <@joshbressers> @solardiz @stevecheckoway @RichFelker You need to engage about this on oss-security. There is a plan, that patch is step 1.

Bernd, I'd appreciate it if you describe your plan in a reply to this e-mail. Please keep oss-security CC'ed.

Thank you for your work!

Alexander
Current thread:
- x86 ROP mitigation Solar Designer (Nov 17)
- Message not available
- Re: Fwd: x86 ROP mitigation Bernd Schmidt (Nov 17)
- Re: Fwd: x86 ROP mitigation Jeff Law (Nov 17)
- Re: Re: Fwd: x86 ROP mitigation Daniel Micay (Nov 17)
- Re: Re: Fwd: x86 ROP mitigation Josh Bressers (Nov 17)
- Re: Re: Fwd: x86 ROP mitigation Daniel Micay (Nov 17)
- Re: Re: Fwd: x86 ROP mitigation Josh Bressers (Nov 17)
- Re: Re: Fwd: x86 ROP mitigation Daniel Micay (Nov 17)
- Re: Fwd: x86 ROP mitigation Bernd Schmidt (Nov 17)
- Message not available
- Re: Re: Fwd: x86 ROP mitigation Rich Felker (Nov 17)
- Re: Re: Fwd: x86 ROP mitigation Daniel Micay (Nov 17)
- Re: Fwd: x86 ROP mitigation Solar Designer (Nov 17)