Hanno Böck
Too many bugs and security vulnerabilities.
Let's make it harder to exploit them.
Bug types: Buffer overflow, use after free and similar.
Pioneers: Grsecurity / PAX for Linux
Secret value on the stack that gets checked on return.
If stack overflow overwrites return address it also overwrites canary / cookie.
Old days: Attackers could jump into data they control and execute it.
Memory page permissions allow marking data pages as non-executable.
Use random memory addresses for code and data.
Protects against code reuse: if the attacker doesn't know where the code is, he can't jump to it.
Linux distributions slow in adopting ASLR.
Modern exploits are complex: Return-oriented programming, heap spraying, bug chains required.
Exploit mitigation works to a certain degree.
Performance costs are usually low.
There's a cost/benefit issue regarding complexity.
Control Flow Guard (Microsoft)
RAP (Grsecurity/PAX)
-fsanitize=cfi (Clang/LLVM)
[Show example]
clang -fsanitize=cfi -fvisibility=hidden -fuse-ld=gold -flto [input file]
clang (not available for gcc)
Gold linker (-fuse-ld=gold)
Link time optimization (-flto)
Function visibility (-fvisibility=hidden)
Function pointer type:
Function pointer type:
typedef size_t (*curl_write_callback)(char *buffer, size_t size, size_t nitems, void *outstream);
Function:
size_t tool_write_cb(void *buffer, size_t sz, size_t nmemb, void *userdata)
Chrome uses Control Flow Integrity and finds lots of bugs with it [1].
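The curl signatures above differ only in the first parameter (char * versus void *). The following is an added example, not curl's code and not from the talk: it rebuilds that situation with a constructed sink struct and two callbacks, one whose type matches curl_write_callback and one that is cast to it the way a tool_write_cb-style function would be.

```c
#include <stddef.h>
#include <string.h>

/* Callback type as curl declares it (from the slide): buffer is a char *. */
typedef size_t (*curl_write_callback)(char *buffer, size_t size,
                                      size_t nitems, void *outstream);
/* Constructed stand-in for the file curl would write into. */
struct sink { char data[64]; size_t len; };

/* Matches curl_write_callback exactly, so clang's indirect-call check
 * (cfi-icall) accepts a call through the typed pointer. */
static size_t write_cb_matching(char *buffer, size_t size, size_t nitems,
                                void *outstream)
{
    struct sink *s = outstream;
    size_t n = size * nitems, room = sizeof s->data - s->len;
    if (n > room) n = room;
    memcpy(s->data + s->len, buffer, n);
    s->len += n;
    return n;
}

/* Same body, but the first parameter is void * (like tool_write_cb on the
 * slide). The ABI is identical, so a plain build runs it, yet the function
 * type differs from curl_write_callback, which is what CFI checks. */
static size_t write_cb_mismatched(void *buffer, size_t sz, size_t nmemb,
                                  void *userdata)
{
    return write_cb_matching(buffer, sz, nmemb, userdata);
}

/* Library side: deliver one chunk through the registered callback. */
static size_t deliver(curl_write_callback cb, struct sink *s, const char *c)
{
    return cb((char *)c, 1, strlen(c), s);
}

/* Correctly typed registration: passes under -fsanitize=cfi. */
size_t deliver_matching(struct sink *s, const char *chunk)
{
    return deliver(write_cb_matching, s, chunk);
}

/* The cast silences the compiler's warning but not CFI: built with
 * -fsanitize=cfi -flto -fvisibility=hidden, this call aborts at runtime. */
size_t deliver_mismatched(struct sink *s, const char *chunk)
{
    return deliver((curl_write_callback)write_cb_mismatched, s, chunk);
}
```

Build it with the slide's command line (clang -fsanitize=cfi -fvisibility=hidden -fuse-ld=gold -flto) and call both entry points from a main: deliver_matching returns the chunk length, while deliver_mismatched is stopped by the indirect-call type check.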
Future: Hardened Linux with CFI? (Lots of compatibility issues.)
Next meetup...?
Rust Hack Night, here on Wednesday (26.4.) - cph.rs
Bornhack - 22.8. - 29.8. - bornhack.dk