> We would like to collaborate with OpenBSD in researching how to reduce the
> number of gadgets and increase the difficulty of using gadgets.
I think I've vaguely explained how that works. All the mitigation efforts went like this:

1) come up with an idea
2) write a complete working prototype
3) test the change in simple demonstration programs
4) next, test it in *ALL THE UPSTREAM CODE IN THE UNIVERSE*
   a) evaluate if the idea is viable
      i) performance
      ii) measurably increasing resistance
      iii) extremely low false positive problems
      If these metrics are not satisfied, throw away the idea or go back to 2)
   b) fix ALL false positives in upstream code

In earlier emails you mentioned 3 ideas, but didn't make it beyond step 1.

> However, our efforts can increase the difficulty of ROP
> attacks, which is meaningful

I am not going to help with steps 2+, because I have other cross-platform mitigations already in development and don't have time to do work on other people's theories.

Most importantly, I care more about solutions that improve fixed-length instruction architectures, where polymorphic ROP isn't a concern.

If I sound flippant, it is because I've spent decades working on mitigations which help even when amd64 ROP remains possible, and your first step was to disable them, bypass them, and most significantly -- failed to mention that you gutted the mitigation group.