5

Introduced by Microsoft in recent versions of Windows and its compilers, Control Flow Guard is a useful defence in depth measure in the mitigation of return-oriented programming exploits.

My question is, is there any equivalent of this available or planned on any other operating system and compiler - particularly Linux and GCC?

  • IIRC only clang provides a similar technique – Yorick de Wid Sep 01 '16 at 13:35
  • 2
    This requires a compatible runtime loader. There are such systems on Linux, coming from app security research. A prominent example that comes to mind is *libdetox* from Mathias Payer. Read his thesis for details: `Safe Loading and Efficient Runtime Confinement: A Foundation for Secure Execution`. – Steve Dodier-Lazaro Sep 01 '16 at 13:53

2 Answers

3

It appears that there are two possible implementations working in Linux. One is made by grsecurity, named "Reuse Attack Protector (RAP)". Another is implemented in LLVM and is called control flow integrity (CFI). As I understood it, CFG is Microsoft's marketing name for control flow integrity.

The Chrome Team seems to work with that very well.

Most of the information came from Hanno Böck's presentation. He also provides some more details on where CFI/CFG would have helped. In addition, you might take a look at this, just so that you don't get the impression that this is a silver bullet.

Akendo
  • 1
    your endgame post URL has changed, [here](https://www.endgame.com/blog/technical-blog/disarming-control-flow-guard-using-advanced-code-reuse-attacks) is the new URL. – Sajuuk Aug 24 '18 at 07:06
  • I updated the URL in respect to your comment. Thank you for keeping track of this. – Akendo Aug 24 '18 at 12:40
  • your informative answer should be respected, not my comment. :D – Sajuuk Aug 28 '18 at 07:27
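To make concrete what the CFG/CFI mechanisms named in the answer above actually enforce, here is an added illustration in C. It is not code from the answer, from grsecurity RAP, from LLVM CFI or from Microsoft CFG: it hand-builds the core idea as a library, routing every indirect call through a guard that checks the target against a set of registered legitimate call targets (the analogue of CFG's valid-target bitmap) and refuses anything else. The function names, the two-entry dispatch table and the "corrupted slot" scenario are assumptions constructed for the example.

```c
#include <stdio.h>
#include <stddef.h>

/* Added illustration (not from the answer or any of the tools it names):
 * a minimal software control-flow-integrity check in the spirit of
 * Microsoft CFG / LLVM CFI. Every indirect call is routed through
 * cfi_call(), which first checks that the target address is in the set of
 * registered, legitimate indirect-call targets; anything else is refused
 * and counted. Real implementations do this with compiler instrumentation
 * and a per-binary bitmap rather than a hand-built table; the names here
 * are assumptions for the example. */

typedef int (*handler_fn)(int);

int handler_double(int x) { return 2 * x; }
int handler_square(int x) { return x * x; }

/* Never registered: stands in for code the program should never reach
 * through an indirect call. */
int not_a_handler(int x) { (void)x; return -1; }

#define MAX_TARGETS 16
static handler_fn valid_targets[MAX_TARGETS];
static size_t valid_count;
static unsigned long cfi_violations;

/* Reset the policy and register the functions that may be called indirectly. */
void cfi_init(void) {
    valid_count = 0;
    cfi_violations = 0;
    valid_targets[valid_count++] = handler_double;
    valid_targets[valid_count++] = handler_square;
}

/* 1 if fn is a registered indirect-call target, else 0. */
int cfi_is_valid_target(handler_fn fn) {
    for (size_t i = 0; i < valid_count; i++)
        if (valid_targets[i] == fn) return 1;
    return 0;
}

/* Guarded indirect call. On an unregistered target it records a violation,
 * sets *ok to 0 and returns 0 without calling the target. */
int cfi_call(handler_fn fn, int arg, int *ok) {
    if (!cfi_is_valid_target(fn)) {
        cfi_violations++;
        *ok = 0;
        return 0;
    }
    *ok = 1;
    return fn(arg);
}

unsigned long cfi_violation_count(void) { return cfi_violations; }

/* Dispatch through a two-entry function-pointer table and sum the results.
 * When corrupt != 0, slot 1 is overwritten with an unregistered target to
 * model a memory-corruption bug; the guard refuses that call. */
int demo_dispatch(int corrupt, int arg) {
    handler_fn table[2] = { handler_double, handler_square };
    if (corrupt) table[1] = not_a_handler;
    int sum = 0;
    for (size_t i = 0; i < 2; i++) {
        int ok;
        int r = cfi_call(table[i], arg, &ok);
        if (ok) sum += r;
    }
    return sum;
}

int main(void) {
    cfi_init();
    printf("clean:   %d (violations %lu)\n", demo_dispatch(0, 3), cfi_violation_count());
    printf("corrupt: %d (violations %lu)\n", demo_dispatch(1, 3), cfi_violation_count());
    return 0;
}
```

The compiler-enforced versions differ from this toy in two ways worth knowing as a defender: the check is emitted by the compiler at every indirect call site rather than by hand, so a single forgotten `cfi_call` cannot bypass it, and a violation terminates the process instead of being skipped over. With clang the equivalent instrumentation is enabled with `-fsanitize=cfi -flto` (plus `-fvisibility=hidden`), which is the LLVM CFI the answer refers to.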
0

XGuard from Karamba Security is a well-tested suite implementing Control Flow Integrity for Linux on GCC and other build environments.

Assaf Harel (Chief Scientist @ Karamba Security)