SoylentNews

RETGUARD: A Return-Oriented Programming Defense From OpenBSD

posted by Fnord666 on Wednesday September 13 2017, @06:03AM   
from the going-back dept.

canopic jug writes:

Return-oriented programming (ROP) is now a common technique for compromising systems via a stack-smashing vulnerability. Although restrictions on executing code on the stack have mostly put an end to many simple stack-smashing attacks, that does not mean that they are no longer a threat. There are various schemes in use for defeating ROP attacks. A new mechanism called "RETGUARD" is being implemented in OpenBSD and is notable for its relative simplicity. It makes use of a simple return-address transformation to disrupt ROP chains to hinder their execution and takes the form of a patch to the LLVM compiler adding a new flag.

---

Original Submission

• Re:If you want to prevent (Score: 2) by FatPhil on Thursday September 14 2017, @04:14AM

  by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Thursday September 14 2017, @04:14AM (#567633) Homepage

  The idea is to separate the control from the data. That way malicious data is never more than untrusted octets sitting in a region where you should expect untrusted octets. Of course, if you're a shitty coder, you'll permit untrusted data to overwrite other untrusted data, and thus change the logic flow of the program, but that's a different kind of exploit than one where the attacker irectly controls your IP.

  --
  Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves

  Parent

  Starting Score:	1		point
  Karma-Bonus Modifier		+1
  Total Score:		2