compiler != frontend, as you can clearly see in the released version too. and it is the proper level :).
it's exactly the same as normal fptr checks just at a different offset for the ancestor method hash.
i'll be the first one to switch to it if it works as return address protection is the slower part of RAP.
1
1
1
while the shadow stack *design* is better on paper, it may not be implementable in practice. cf. the academic work.
since you asked us about Intel's CET: forums.grsecurity.net/viewto…
3
109
97
a blog is an online thing. and @grsecurity isn't locked down but is a mere placeholder now.
yeah, he's so hiding that he'll do the keynote at @sstic next week and had time for only 2 blogs since ;).
1
2
did you say a word? then how would anyone know? everyone join #pax on OFTC now!
1
not only butthurt but a lying coward who still didn't dare to face the truth on irc. i'm still waiting!
1
editing TTE = data-only attack -> out of scope for CFI schemes. protecting against them has been on my agenda of course.
compilation is not a problem per se, fixing all the incorrect fptr casts is (FYI my chromium fix touches 276 files).
so the past 15 years didn't benefit the masses? that's 15 years more than you spent on securing the masses.
1
we already did a thousand times more to secure the masses than you ever have or will. but bitching is easier than building stuff.
1
1
4