Recent informative ML thread: List of security features in musl. http://www.openwall.com/lists/musl/2016/02/11/4 …
-
-
@RichFelker The ongoing parallel attempts at doing CPI and CFI in LLVM (both very incomplete) and PaX's RAP plugin (not public yet). -
@CopperheadSec Are any of these ABI-compatible with existing code? If not they're basically toys, IMO. -
@RichFelker Not sure, but without full coverage they aren't fulfilling their purpose. They would only be able to mitigate some heap sprays. -
@RichFelker They aren't closing off individual vulnerabilities like _FORTIFY_SOURCE or -fsanitize=bounds,object-size so coverage matters.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.