1. 14
  1.  

  2. 7

    ROP is a super ingenious (and scary) attack. If you’re looking to read more into it, check out this paper about automating the process of “blindly” finding ROP gadgets over the network to hijack control flow on a remote machine: http://www.scs.stanford.edu/brop/bittau-brop.pdf

    1. 4

      Wikipedia on ROP: https://en.wikipedia.org/wiki/Return-oriented_programming

      Return-oriented programming (ROP) is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as executable space protection and code signing.

      1. 3

        Best we can do without throwing entire hardware/software ecosystem away

        Can we at least start by moving away from producing new memory unsafe code?

        1. 0

          go ahead, ask about RUST

          ok, what about Rust?

          1. 2

            I found this while trying to find more info: http://cs242.stanford.edu/assets/projects/2017/songyang.pdf

            1. 1

              “of unsafe Rust”

              Using Rust in unsafe mode (protections disabled) can lead to attacks on code like in unsafe languages like C. A well-known, avoidable problem.