r225910 - Insert random noops to increase security against ROP attacks (clang)

Hans Wennborg hans at chromium.org
Thu Jan 15 10:08:30 PST 2015


On Tue, Jan 13, 2015 at 5:07 PM, JF Bastien <jfb at google.com> wrote:
> Author: jfb
> Date: Tue Jan 13 19:07:51 2015
> New Revision: 225910
>
> URL: http://llvm.org/viewvc/llvm-project?rev=225910&view=rev
> Log:
> Insert random noops to increase security against ROP attacks (clang)
>
> A pass that adds random noops to X86 binaries to introduce diversity with the goal of increasing security against most return-oriented programming attacks.
>
> Command line options:
>   -noop-insertion // Enable noop insertion.
>   -noop-insertion-percentage=X // X% of assembly instructions will have a noop prepended (default: 50%, requires -noop-insertion)
>   -max-noops-per-instruction=X // Randomly generate X noops per instruction. ie. roll the dice X times with probability set above (default: 1). This doesn't guarantee X noop instructions.
>
> In addition, the following 'quick switch' in clang enables basic diversity using default settings (currently: noop insertion and schedule randomization; it is intended to be extended in the future).
>   -fdiversify
>
> This is the clang part of the patch.
> llvm part: D3392
>
> http://reviews.llvm.org/D3393
> Patch by Stephen Crane (@rinon)

Is this something that should be mentioned in the 3.6 release notes?

Also are there patches in flight here that need to get merged? (I saw
http://reviews.llvm.org/D6983 for example)

Thanks,
Hans



More information about the cfe-commits mailing list