Yeah, the presentation was mentioned a couple of times but it is incredibly sparse and lacks, e.g., target set discussions and other details. Most CFI academics know RAP but it's hard to evaluate/compare without details/specification

(I have long ago stopped following this -imo useful, if heated - discussion -- but afaik grsec ships RAP? So at least in theory asking would be possible? Apologies for intruding into the thread from the sidelines with dangerous half-knowledge).

I really didn't want to enter the heated part, was just pointing out that RAP is likely well known at this point in academia :)

I sincerely doubt it. I myself get a paywall when trying to get the RAP kernel patches. Where is the public version? Its hard to find. If @paxteam wants RAP to become a mainstream academic reference, they should release a PoC code for public evaluation and write a detailed paper.

So, I've set out to evaluate RAP this morning, comparing RAP with LLVM-CFI. I've searched for the RAP download for 30min but did not find an open (or even binary) version of the RAP gcc plugin for user-space.

Did you look here? grsecurity.net/~paxguy1/pax-…

That's a kernel patch and not the GCC plugin that does the analysis / adds the instrumentation.

The plugin is in the kernel patch (just like other Linux plugins). Check inside: linux-4.9.24/scripts/gcc-plugins/rap_plugin

Hm, interesting. As soon as I get a real version with a little bit of documentation to test, I'll look into it. Extracting files from a partial patch is not how I usually evaluate other prototypes

Hm, there is no config option to build the RAP plugin. This is advanced software archaeology where I reverse engineer a plugin that is hidden in a partial kernel patch without any form of documentation. This software would fail any artifact evaluation.