Is this a form of ROP protection? edit wait nope, misunderstood something.
It it common for attackers to make fake stacks?
Yeah. Your ROP chain requires a whole bunch of return addresses somewhere in memory. This restricts you to putting them on the stack, as opposed to some other heap buffer.
Bonus link: http://hypervsir.blogspot.com/2015/01/a-software-solution-to-defend-against.html
from january: https://marc.info/?l=openbsd-tech&m=151572838911297&w=2
Is this a form of ROP protection? edit wait nope, misunderstood something.
It it common for attackers to make fake stacks?
Yeah. Your ROP chain requires a whole bunch of return addresses somewhere in memory. This restricts you to putting them on the stack, as opposed to some other heap buffer.
Bonus link: http://hypervsir.blogspot.com/2015/01/a-software-solution-to-defend-against.html
from january: https://marc.info/?l=openbsd-tech&m=151572838911297&w=2