[PATCH] Insert random noops to increase security against ROP attacks (llvm)

PaX Team pageexec at gmail.com
Mon Jan 5 19:45:01 PST 2015


On 5 Jan 2015 at 19:19, Chandler Carruth wrote:

> On Mon, Jan 5, 2015 at 7:13 PM, PaX Team <pageexec at gmail.com> wrote:
> 
> > that's exactly what i'm wondering about: what is that class of attacks?
> > blind ROP can discover gadgets remotely without knowing the exact code
> > content.
> >
> 
> I'm not a security expert, but I would imagine that blind ROP is somewhat
> harder / more difficult / more expensive than ROP.

that's why it's worth reading the paper as they provide numbers ;). the attacker's
cost is quite economical, say a few thousand tries (obviously this requires a
respawning service, e.g., this won't work against a browser, but there're other
ways for that case). now if everyone had brute force prevention like grsecurity
we'd be talking about a different cost model...



