so.cl

Fun with Gentoo: Why don't we just shuffle those ROP gadgets away?

Recently, I stumbled upon an OpenBSD effort that attempts to make ROP-based exploitation of sshd harder: sshd random relinking at boot.

It comes down to this line in the Makefile:

cc -o sshd `echo ${OBJS} | tr ' ' '\n' | sort -R` ${LDADD}

The essence of the idea is simple: pass the .o files to the linker in a random order, so that their placement inside the sshd binary is not predictable. OpenBSD relinks the binary on every reboot, which ensures that it differs between installations (and between boots), and so the offsets of ROP gadgets vary too. This has the potential to make an attacker's life harder, since a standard ROP attack starts by inspecting the target binary to collect gadget addresses. Note what the shuffle does and does not change: the code inside each object file is laid out as before, so offsets between gadgets within one .o stay fixed; what changes is where each object lands relative to the others, so knowing one address no longer tells you where the gadgets in a different object are.
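To see the effect of link order on a tiny scale, here is an added example (not the original post's code and not OpenBSD's Makefile). It reproduces the shuffle step with the same `tr`/`sort -R` pipeline, then builds two constructed objects, links them in both orders and compares where the function `gadget_a` ends up in the resulting binaries. The source files, function names and the `cc`/`nm` invocations are assumptions for the demonstration; the script reports "skipped" when no compiler or `nm` is available.

```shell
#!/bin/sh
# Added example, not from the original post or from OpenBSD.
# Assumes a POSIX shell, cc, nm and a sort(1) that supports -R.

# Shuffle an object list the way the OpenBSD Makefile line does.
# Usage: shuffle_objs "a.o b.o c.o"  -> the same names in random order
shuffle_objs() {
    echo "$1" | tr ' ' '\n' | sort -R | tr '\n' ' '
}

# Build two constructed objects, link them in both orders and compare the
# address of gadget_a. Prints "differs", "same" or "skipped".
link_order_demo() {
    command -v cc >/dev/null 2>&1 && command -v nm >/dev/null 2>&1 \
        || { echo skipped; return 0; }
    dir=$(mktemp -d) || return 1

    # Constructed sample sources: two functions of clearly different size,
    # so that swapping them moves gadget_a by a visible amount.
    cat > "$dir/a.c" <<'EOF'
int gadget_a(int x) { return x + 1; }
EOF
    cat > "$dir/b.c" <<'EOF'
int gadget_b(int x) {
    int i, acc = x;
    for (i = 0; i < 64; i++) acc = acc * 31 + i;  /* bulkier function */
    return acc;
}
EOF
    cat > "$dir/main.c" <<'EOF'
int gadget_a(int); int gadget_b(int);
int main(void) { return gadget_a(1) + gadget_b(2); }
EOF
    # -O0 keeps both functions as separate, non-inlined symbols.
    (cd "$dir" && cc -O0 -c a.c b.c main.c) || { rm -rf "$dir"; return 1; }
    # Same objects, two link orders: this is the only thing that differs.
    (cd "$dir" && cc -o prog1 main.o a.o b.o && cc -o prog2 main.o b.o a.o) \
        || { rm -rf "$dir"; return 1; }

    # nm prints "ADDRESS T gadget_a" (with a leading underscore on some
    # platforms, hence the regex on the symbol suffix).
    addr1=$(nm "$dir/prog1" | awk '$3 ~ /gadget_a$/ {print $1}')
    addr2=$(nm "$dir/prog2" | awk '$3 ~ /gadget_a$/ {print $1}')
    rm -rf "$dir"

    if [ -z "$addr1" ] || [ -z "$addr2" ]; then
        echo skipped
    elif [ "$addr1" = "$addr2" ]; then
        echo same
    else
        echo differs
    fi
}

echo "shuffled order: $(shuffle_objs 'sshd.o auth.o packet.o kex.o')"
echo "gadget_a address across link orders: $(link_order_demo)"
```

Run it a few times: the shuffled order changes on every invocation, and `link_order_demo` prints "differs" because `gadget_a` is placed after `gadget_b` in one binary and before it in the other. A real sshd has dozens of objects, so the number of possible layouts is correspondingly larger.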