> We would like to collaborate with OpenBSD in researching how to reduce the
> number of gadgets and increase the difficulty of using gadgets.

I think I've vaguely explained how that works.

All the mitigation efforts went like this:

1) come up with an idea
2) write a complete working prototype
3) test the change in simple demonstration programs
4) next, test it in *ALL THE UPSTREAM CODE IN THE UNIVERSE*
   a) evaluate if the idea is viable
      i) performance
      ii) measurably increasing resistance
      iii) extremely low false positive problems
      If these metrics are not satisfied, throw away idea or go back to 2)
   b) fix ALL false positives in upstream code


In earlier emails you mentioned 3 ideas, but didn't make it beyond step 1.

> However, our efforts can increase the difficulty of ROP
> attacks, which is meaningful

I am not going to help with steps 2+, because I have other cross-platform
mitigations already in development and don't have time to do work on other
people's theories.

Most importantly, I care more about solutions that improve fixed-length
instruction architectures, where polymorphic ROP isn't a concern.

If I sound flippant, it is because I've spent decades working on
mitigations which help even when amd64 ROP remains possible, and your
first step was to disable them, bypass them, and most significantly --
failed to mention that you gutted the mitigation group.