1. 15
    Thwarting Return Oriented Programming (ROP) Attacks pdf openbsd security openbsd.org
    fro avatar via fro 5 years ago |
    Archive.org Archive.today Ghostarchive
    | 6 comments
    1. 7
      jeffcarp avatar jeffcarp 5 years ago | link

      ROP is a super ingenious (and scary) attack. If you’re looking to read more into it, check out this paper about automating the process of “blindly” finding ROP gadgets over the network to hijack control flow on a remote machine: http://www.scs.stanford.edu/brop/bittau-brop.pdf

    2. 4
      inactive-user avatar inactive-user 5 years ago | link

      Wikipedia on ROP: https://en.wikipedia.org/wiki/Return-oriented_programming

      Return-oriented programming (ROP) is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as executable space protection and code signing.

    3. 3
      alex_gaynor avatar alex_gaynor 5 years ago | link

      Best we can do without throwing entire hardware/software ecosystem away

      Can we at least start by moving away from producing new memory unsafe code?

    4. 0
      itistoday avatar itistoday 5 years ago | link

      go ahead, ask about RUST

      ok, what about Rust?

      1. 2
        qbit avatar qbit 5 years ago | link

        I found this while trying to find more info: http://cs242.stanford.edu/assets/projects/2017/songyang.pdf

        1. 1
          nickpsecurity avatar nickpsecurity 5 years ago | link

          “of unsafe Rust”

          Using Rust in unsafe mode (protections disabled) can lead to attacks on code like in unsafe languages like C. A well-known, avoidable problem.