On 11/16/2015 07:18 PM, Uros Bizjak wrote:
On Fri, Nov 13, 2015 at 9:47 PM, Bernd Schmidt <bernds_...@t-online.de> wrote:
This adds a new -mmitigate-rop option to the i386 port. The idea is to
mitigate against certain forms of attack called "return oriented
programming" that some of our security folks are concerned about.>
LGTM, and since the whole thing is protected by a -mmitigate-rop it
looks safe for mainline SVN.
Thanks. Committed with some minor changes: I've added a sentence to the
documentation to clarify that this is in an early stage of development:
@item -mmitigate-rop
+@opindex mmitigate-rop
+Try to avoid generating code sequences that contain unintended return
+opcodes, to mitigate against certain forms of attack. At the moment,
+this option is limited in what it can do and should not be relied
+on to provide serious protection.
Bernd
