Recently, I stumbled upon an OpenBSD effort that attempts to make it harder to perform ROP-based exploitation against sshd: sshd random relinking at boot
It comes down to this line in the Makefile:
cc -o sshd `echo ${OBJS} | tr ' ' '\n' | sort -R` ${LDADD}
The essence of the idea is to simply pass the .o files in a random order to the linker. Their order inside the sshd binary won’t be predictable. On reboot, OpenBSD relinks the binary. This ensures that it’ll differ between OpenBSD installations and thus, offsets for ROP gadgets will vary too. The idea is that this has the potential to make an attacker’s life harder, as a standard ROP attack requires inspecting the target binaries.
Fun with Gentoo: Why don’t we just shuffle those ROP gadgets away?
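A check a defender can run to confirm that a relink really changed the code layout, as an added example (not from the OpenBSD change or the original post): it compares `nm` symbol listings of two builds and counts the text symbols whose address differs. The function names, file names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: measure how much of the code layout changed between two links.
# Real use (assumed file names): nm sshd.old > a.nm; nm sshd > b.nm

# moved_symbols OLD NEW
# Prints "<moved> <total>" for text symbols (nm type T/t) present in both lists.
# Static functions that share a name across objects collapse to one entry.
moved_symbols() {
    awk '
        NF == 3 && ($2 == "T" || $2 == "t") {
            if (FNR == NR) { old[$3] = $1; next }   # first file: remember address
            if ($3 in old) {                        # second file: compare
                total++
                if (old[$3] != $1) moved++
            }
        }
        END { printf "%d %d\n", moved + 0, total + 0 }
    ' "$1" "$2"
}

# write_samples DIR: constructed nm listings for two link orders of the same
# three objects (auth, channel, packet); all addresses are made up.
write_samples() {
    cat > "$1/a.nm" <<'EOF'
0000000000001000 T _start
0000000000001200 T auth_password
0000000000001a00 T channel_input
0000000000002400 T packet_read
0000000000004000 D options
EOF
    cat > "$1/b.nm" <<'EOF'
0000000000001000 T _start
0000000000001200 T packet_read
0000000000001900 T auth_password
0000000000002100 T channel_input
0000000000004000 D options
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
moved_symbols "$dir/a.nm" "$dir/b.nm"   # prints: 3 4
rm -rf "$dir"
```

A result of `0 N` after a reboot means the relink did not run or reproduced the previous order, so gadget offsets are the same as before.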