There's a saying in my country "even a blind chicken stumbles upon a seed"
-
-
-
Userland ASLR? Control flow graph integrity? Sane integer overflow behaviour by default? The list is long, actually.
-
ASLR? Are you sure other OSs don't have it? Like OpenBSD? Or we don't talk about "only in Windows" any more?
-
Support for userland ASLR in Linux distributions is spotty to non-existent. OpenBSD loads the executable itself at a fixed address...
-
Sure on that? When was the last time you checked on #OpenBSD? Since 6.1 even arm is PIE (including static binaries).
-
5.7. But glad to hear there's progress. Are we getting more than 16 bits of entropy too? And what about control flow integrity?
-
https://hardenedbsd.org/article/shawn-webb/2017-03-02/introducing-cfi … but not yet in FreeBSD, if I remember correctly. I don't know about other OSes
End of conversation
New conversation -
-
-
"Company also believes that other operating systems, including Microsoft's Windows could also be vulnerable to Stack Clash..."
-
I know the people who made sure it isn't, back at the big Vista audit. They tried to tell the gcc folks, but they weren't taken seriously.
End of conversation
New conversation -
-
-
How does Windows handle its stacks?
-
With mandatory stack probing as part of the ABI.
-
Looking for stuff to read a little bit deeper into that - found this :D https://twitter.com/CopperheadOS/status/876835207701200896 …
End of conversation
New conversation -
-
-
Well, because... Look behind you, a three headed monkey!
-
-
-
Well, to be honest that's more of an oversight of the compilers, not inserting stack probing into the generated code.
-