On 11/01/2016 12:56 AM, Evgeniy Stepanov wrote: > Basically, these days code pages are not writable and stack/data pages - > not executable, and the majority of exploits require finding a code > pointer in writable memory and replacing it with something different. > I.e. hijacking the control flow of the program. Of course this requires > the ability to write to the program memory, but that's what all the heap > overflow and use-after-free bugs are for. > > CFI is about limiting possible control flow as much as possible.
So it's yet another layer of runtime checking trying to move the exploits around. Sigh, I'll throw it on the pile. Thanks for the heads up, Rob _______________________________________________ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
