Nan ZoE <zoen...@gmail.com> wrote:
> Sure, thank you for your patient response.
>
> I will continue to refine my work and attempt to develop some
> countermeasures against ROP mitigation. If there's good news, I will
> contact OpenBSD again! By the way, the first idea I provided, which is
> "Zeroing registers before function returns," has already been applied by
> GCC and CLANG in one of their compiler flags. You might consider some of
> those approaches because, in my evaluation of their mitigation
> effectiveness, they reduced the number of gadgets in programs by an average
> of 60%. Here's the commit
> <https://github.com/gcc-mirror/gcc/commit/d10f3e900b0377b4760a090b0f90371bcef01686>
> related to this mechanism for you to look at.
I am aware of that change, and it comes with quite a cost -- which no one is quantifying clearly for the PURPOSE of "enabling the option by default, for all software". No one in the gnu ecosystem is proposing making it the default. It will remain, forever I am sure, an option to turn on only for specific software. And it will soon be forgotten.

But turn back to the software you are "exploiting". Will it be turned on in chmod(1)? How about for as(1)? I'm mentioning two programs which you believe you "exploited". How about the other programs you listed? How does the tradeoff work: Is the performance lost worth the incremental advantage of less ROP effectiveness, or are other avenues which block effective escalation with less performance cost more valuable?