Return-oriented programming (ROP) is now a common technique for compromising systems via a stack-smashing vulnerability. Although restrictions on executing code on the stack have mostly put an end to many simple stack-smashing attacks, that does not mean that they are no longer a threat. There are various schemes in use for defeating ROP attacks. A new mechanism called "RETGUARD" is being implemented in OpenBSD and is notable for its relative simplicity. It makes use of a simple return-address transformation to disrupt ROP chains to hinder their execution and takes the form of a patch to the LLVM compiler adding a new flag.
(Score: 2) by Virindi on Wednesday September 13 2017, @08:58PM (1 child)
Ahh, I understand what you are saying now. That seems pretty similar to the idea of "two stacks", just that the first stack has pointers to the second one.
I'm sure that would work fine, but I am not sure how that would help any more than two stacks. You'd still need to at some point store the "next available data region" pointer when making a call. At that point you really just have two stack pointers.
So is the purpose simply to prevent one data frame from hitting another data frame*? The large amount of potentially wasted memory seems like a high cost for just that benefit.
*Obviously data to return corruption would be protected in the same way as with two stacks (it's far away, you have to find it, etc). I am talking about the additional advantage.
(Score: 2) by FatPhil on Thursday September 14 2017, @04:14AM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves