This week Joe discusses Intel’s CET announcement with John Johansen, plus Alex details recent security fixes including SQLite, fwupd, NSS, DBus and more.
24 unique CVEs addressed
Return Oriented Programming (ROP) https://en.wikipedia.org/wiki/Return-oriented%5Fprogramming
Sigreturn Oriented Programming (SROP) (https://en.wikipedia.org/wiki/Sigreturn-oriented%5Fprogramming
Jump/Call Oriented Programming (JOP) https://www.csc2.ncsu.edu/faculty/xjiang4/pubs/ASIACCS11.pdf
Control-flow Enforcement technology (CET)
CFI in software
Kernel
gcc
glibc
LLVM/Clang
CET on windows
Pre CET software based CFI on windows
Papers/talks on attacking CET/CFI
Smashing the stack for fun and profit
StackClash