A stupid idea, unfortunately. Only academia still cares about ROP. http://undeadly.org/cgi?action=article&sid=20160425145953 … - sorry theo.
Replying to @halvarflake
@halvarflake also this defense is basically pointless for ROP in the current form
Replying to @lazytyped
@halvarflake randomization is not the way today. Stop the attack at the origin (prevent the first non-authorized return)
Replying to @lazytyped
@lazytyped @halvarflake ...and in an ideal world, you have no bugs. But in reality, anything that can mitigate exploitation is useful, not?
Replying to @berendjanwever
@berendjanwever @halvarflake no, that's what leads to pulling up pointless defenses that make more harm (usability, debugging) than good
Replying to @lazytyped
@lazytyped @halvarflake I did say "anything that can mitigate exploitation", not "anything". Cost/benefit analysis is implied.
Replying to @berendjanwever
@berendjanwever @halvarflake how does this "randomize libc symbols" mitigate exploitation?
Replying to @lazytyped
@lazytyped @halvarflake I did not say this is good mitigation. I said that even if some mitigations are better than others, all are useful.
Replying to @berendjanwever
@lazytyped @halvarflake In other words, just because this uses randomization does not make it bad by default.
Replying to @berendjanwever
@berendjanwever @halvarflake with ROP we already have enough randomization with ASLR. And direction is CFI-ish. More randomization won't help
@lazytyped @halvarflake I'd like to see somebody (theo?) show a bunch of vulns this would have mitigated before I make a judgement.
Replying to @berendjanwever
@berendjanwever @halvarflake sure you don't have to trust me. I'm happy to be proven wrong (but not by an artificial case)
Replying to @lazytyped
@berendjanwever @halvarflake oh and for the record, this is less resistant than ASLR (any infoleak can be used against any process)