[Cryptography] Can crypto implement OS/FS protections ?

qua3k qua3kr at gmail.com
Sat Nov 19 21:48:47 EST 2022


On 11/18/22, Henry Baker <hbaker1 at pipeline.com> wrote:
> For example, any *return addresses* could conceivably be stored on the
> stack and cryptographically signed in such a manner that they couldn't be
> spoofed by an attacker.
>
> I have to believe that someone, somewhere has already thought about
> this problem.

You're right, someone already has; Crispin Cowan did the random XOR
canary back in 1999 (https://lwn.net/1999/1111/a/stackguard.html).

This later inspired PaX's RAP cookie protection and possibly OpenBSD's
RETGUARD. There are inherent problems with implementing any sort of
return address protection in software on x86 platforms because of
cross-thread write primitives...


More information about the cryptography mailing list