[PATCH] Insert random noops to increase security against ROP attacks (llvm)
Stephen Crane
sjcrane at uci.edu
Tue Jan 6 17:51:07 PST 2015
On Tue, Jan 6, 2015 at 5:44 PM, PaX Team <pageexec at gmail.com> wrote:
> not true, you also need to know the precise *content* of the library
> a priori
> this is not even a new problem actually, even
> before ASLR (think 90's) exploits often had offset/address tables specific
> to distro versions.
Exactly. That is a solved problem in exploit development. I assumed
that the attacker has a copy of the library. Fine-grained diversity
prevents an attacker from being able to have this copy, since his
version will differ from the target.
- stephen
More information about the llvm-commits
mailing list