On Fri, Sep 22, 2023 at 12:50:37PM +0800, Nan ZoE wrote: > Because, as far as I understand, these ROP mitigation mechanisms seem to > have been updated only in the three versions of OpenBSD, namely 6.3 to 6.5 > <https://www.openbsd.org/65.html>. Of course, I have also studied some > programs under OpenBSD 6.5, and many of them still seem to have the > potential to be bypassed.
I would not take the lack of explicit mention on the release page (or for that matter lack of conference presentations or undeadly.org articles) on a specific item as proof of absence of activity. Improvements happen all the time, and changes that are not explicitly marked as being ROP-related may very well have an effect on the phenomenon anyway. By focusing on versions that have been unsupported for years you mainly ensure that the people who could have addressed any issuse you find will not bother. If you actually want what you find to matter, for your own good please shift your focus to -current or at least one or both of the still supported releases. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
