[llvm-dev] [RFC] Pagerando: Page-granularity code randomization
David Chisnall via llvm-dev llvm-dev at lists.llvm.org
Thu Oct 11 00:29:43 PDT 2018
On 11 Oct 2018, at 03:37, Stephen Crane via llvm-dev <llvm-dev at lists.llvm.org> wrote:
> Pagerando is an improvement over ASLR; it is certainly not intended as a replacement for CFI. Pagerando instead complements CFI as a defense in depth by making it harder to reliably exploit unconstrained (legacy code w/o CFI) and weakly-constrained (e.g. those that require many targets w/CFI) branches.
Perhaps I am missing something, but if the low 12 bits of an address are not modified between runs then, for the newer ROP attacks that perform partial pointer overwrites, this leaves you with 4 bits of useful entropy. If you try this attack on 100 devices then you will, on average, compromise at least 12 of them. That doesn’t sound like it gives very much security.
David
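The entropy argument in this exchange can be checked with a small model. The following is an added example, not code from the thread or from the Pagerando project: it assumes a simplified page-granularity scheme in which code is split into page-sized bins whose contents are fixed and only the bins' page-aligned base addresses change between runs, and it uses a constructed four-function layout. It verifies that the low 12 bits of every function address are invariant across runs, and counts how many of the bits a low-order partial pointer overwrite must supply are actually randomized, which is the residual protection a defender should budget for.

```python
import random

PAGE_SHIFT = 12                # 4 KiB pages: the low 12 bits are the page offset
PAGE_SIZE = 1 << PAGE_SHIFT

# Constructed sample layout (hypothetical): function name -> (bin index, offset in bin).
# Under the modelled scheme a bin's contents never move relative to each other;
# only the bin's base address is randomized per run.
SAMPLE_LAYOUT = {
    "parse_header": (0, 0x010),
    "handle_request": (0, 0x3a0),
    "log_error": (1, 0x120),
    "cleanup": (2, 0x7f0),
}


def randomize_bins(num_bins, rng, page_span=1 << 20):
    """Give each bin a distinct random page-aligned base inside a window of page_span pages."""
    pages = rng.sample(range(page_span), num_bins)
    return [p << PAGE_SHIFT for p in pages]


def layout_addresses(layout, rng):
    """Compute the absolute address of every function for one randomized run."""
    num_bins = 1 + max(b for b, _ in layout.values())
    bases = randomize_bins(num_bins, rng)
    return {name: bases[b] + off for name, (b, off) in layout.items()}


def page_offset_is_invariant(layout, runs=50, seed=1):
    """True if the low PAGE_SHIFT bits of every address are identical across all runs."""
    rng = random.Random(seed)
    first = layout_addresses(layout, rng)
    for _ in range(runs - 1):
        cur = layout_addresses(layout, rng)
        for name in layout:
            if (cur[name] & (PAGE_SIZE - 1)) != (first[name] & (PAGE_SIZE - 1)):
                return False
    return True


def entropy_bits_under_partial_overwrite(overwrite_bytes=2):
    """Number of randomized bits among those a low-order partial overwrite of
    overwrite_bytes bytes has to supply. The low PAGE_SHIFT bits are fixed by
    the page-granular scheme, so only the bits above them contribute entropy."""
    return max(0, overwrite_bytes * 8 - PAGE_SHIFT)


def expected_success_rate(bits):
    """Probability that a single fixed guess of `bits` uniformly random bits is right."""
    return 1.0 / (1 << bits)


if __name__ == "__main__":
    print("page offset invariant across runs:", page_offset_is_invariant(SAMPLE_LAYOUT))
    for nbytes in (1, 2, 3):
        bits = entropy_bits_under_partial_overwrite(nbytes)
        print(f"{nbytes}-byte overwrite: {bits} randomized bits, "
              f"guess succeeds with p={expected_success_rate(bits):.4f}")
```

The numbers the model produces follow directly from its assumptions (4 KiB pages, uniformly random page-aligned bases, no other randomization below page granularity); a real deployment would also need to account for how the randomization window and the number of bins are chosen.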