A stupid idea, unfortunately. Only academia still cares about ROP. http://undeadly.org/cgi?action=article&sid=20160425145953 … - sorry theo.
@lazytyped @halvarflake In other words, just because this uses randomization does not make it bad by default.
-
-
@berendjanwever@halvarflake with ROP we already have enough randomization with ASLR. And direction is CFI-ish.More randomization won't help -
@lazytyped@halvarflake I'd like to see somebody (theo?) show a bunch of vulns this would have mitigated before I make a judgement. -
@berendjanwever@halvarflake sure you don't have to trust me. I'm happy to be proven wrong (but not by an artificial case) -
@berendjanwever@halvarflake oh and for the record, this is less resistant than ASLR (any infoleak can be used against any process)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.