
Yep! That's the idea here: it makes it less likely to accidentally treat data as instructions. If you can figure out some bug in a JIT compiler to get it to write your payload to a page that will get turned executable, then you still have an exploit, but the attack surface is smaller.

You can try return-oriented programming, but OpenBSD makes that hard: the stack is never executable, everything is position independent, objects get shuffled around inside libraries and executables¹, maybe more.

¹ At least this was proposed, and I think it landed in one of the newer releases, but I can't seem to find it for sure.
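The W^X point above (no page both writable and executable at the same time) is easy to audit from the defender's side. The following is an added example, not code from the thread: a small C program that parses Linux /proc/<pid>/maps-style lines and flags any mapping carrying both `w` and `x`. It assumes the Linux `/proc/self/maps` text format; the sample lines embedded in it are constructed, and the `[anon:jit-code]` name is a made-up label for a hypothetical JIT region.

```c
/* Added example (not from the HN thread): a small W^X auditor.
 * It parses /proc/<pid>/maps-style lines (Linux format) and flags any
 * mapping that is both writable and executable, which is exactly what
 * a W^X policy such as OpenBSD's forbids. main() also runs it over the
 * calling process's own map table (Linux only); the parser itself is
 * exercised on constructed sample lines so the example works offline. */
#include <stdio.h>
#include <string.h>

struct mapping {
    unsigned long start, end;
    char perms[5];      /* e.g. "rwxp" */
    char path[256];     /* file path or [stack], [heap], [anon:...]; may be empty */
};

/* Parse one maps line. Returns 1 on success, 0 if the line is malformed. */
int parse_maps_line(const char *line, struct mapping *m)
{
    unsigned long offset, inode;
    char dev[16];
    int consumed = 0;
    m->path[0] = '\0';
    if (sscanf(line, "%lx-%lx %4s %lx %15s %lu%n",
               &m->start, &m->end, m->perms, &offset, dev, &inode, &consumed) != 6)
        return 0;
    /* Optional trailing path after the six fixed fields. */
    const char *p = line + consumed;
    while (*p == ' ' || *p == '\t') p++;
    size_t n = strcspn(p, "\n");
    if (n >= sizeof m->path) n = sizeof m->path - 1;
    memcpy(m->path, p, n);
    m->path[n] = '\0';
    return 1;
}

/* A mapping violates W^X if it is writable and executable at once. */
int violates_wx(const struct mapping *m)
{
    return strchr(m->perms, 'w') != NULL && strchr(m->perms, 'x') != NULL;
}

/* Scan a buffer of maps lines; prints each W+X mapping and returns the count. */
int count_wx_violations(const char *maps_text)
{
    int violations = 0;
    const char *line = maps_text;
    while (*line) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char buf[512];
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        struct mapping m;
        if (parse_maps_line(buf, &m) && violates_wx(&m)) {
            printf("W+X mapping %lx-%lx %s %s\n", m.start, m.end, m.perms, m.path);
            violations++;
        }
        line = nl ? nl + 1 : line + strlen(line);
    }
    return violations;
}

/* Constructed sample, not captured from a real system. Only the third
 * line (a hypothetical RWX JIT region) should be reported. */
static const char SAMPLE_MAPS[] =
    "55d3c1e00000-55d3c1e01000 r-xp 00000000 fd:01 1234567 /usr/bin/example\n"
    "55d3c1e01000-55d3c1e02000 rw-p 00001000 fd:01 1234567 /usr/bin/example\n"
    "7f2a10000000-7f2a10021000 rwxp 00000000 00:00 0 [anon:jit-code]\n"
    "7ffd4c000000-7ffd4c021000 rw-p 00000000 00:00 0 [stack]\n";

int main(void)
{
    printf("constructed sample: %d violation(s)\n", count_wx_violations(SAMPLE_MAPS));

    /* Audit the running process itself (Linux /proc layout). */
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) { perror("/proc/self/maps"); return 0; }
    char line[512];
    int live = 0;
    while (fgets(line, sizeof line, f)) {
        struct mapping m;
        if (parse_maps_line(line, &m) && violates_wx(&m)) {
            printf("W+X mapping %lx-%lx %s %s\n", m.start, m.end, m.perms, m.path);
            live++;
        }
    }
    fclose(f);
    printf("this process: %d violation(s)\n", live);
    return 0;
}
```

On a W^X-respecting process the live scan reports zero mappings; a JIT that keeps a page RWX instead of flipping it RW → RX shows up here, which is the kind of mapping the first comment describes as the remaining attack surface.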




Thanks, that's exactly what I was thinking of. Does it re-link only libc on startup, or other libraries as well?

Found the slide that I remembered: https://twitter.com/justincormack/status/577005049374601217

Do you know if any of the rest of that is in-progress or complete?


My observations..

* binutils 2.17 (last GPLv2) - complete.

* all archs transitioned to pie - complete as of 5.7.

* /sbin/init static pie - complete.

* ROP gadgets are being hunted down systematically, many nop sleds changed to int3/illegal instr.

* BROP - many base daemons now fork + exec, not all.

* SROP - mitigation committed - complete?

* shuffle - libc objects get shuffled at boot by rc(8), stack object order shuffling as a gcc extension.

..

Progress continues.



