October 01, 2014 [Issue 13562] New: [Enh] add permute[=seed] command line argument to dmd | ||||
|---|---|---|---|---|
| ||||
 | https://issues.dlang.org/show_bug.cgi?id=13562 Issue ID: 13562 Summary: [Enh] add permute[=seed] command line argument to dmd Product: D Version: D2 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P1 Component: DMD Assignee: nobody@puremagic.com Reporter: bugzilla@digitalmars.com Return-Oriented-Programming (ROP) is a common attack method that malware uses to exploit buffer overflows: http://en.wikipedia.org/wiki/Return-oriented_programming It relies on code having predictable contents and being in predictable locations. The compiler often makes potayto-potahto decisions when generating code. By optionally providing a random value to the compiler, it can use that to toss a coin for the decision, making the generated code slightly different - different enough to defeat many ROP attacks. Perturbations can be: changing the stack layout of locals changing the order of register selection changing the scheduling order of instructions weights given to loop variables instruction selection etc. Syntax: -perturb=seed // use seed to guide the compiler's coin toss -perturb // have the compiler generate its own seed, likely by // using the clock. -v will cause this value to be printed default // use a seed value of 0, causing the same behavior the // compiler has now Using this can also shake out compiler bugs by "fuzz" testing of different paths through the compiler. It can help isolate stack corruption code bugs by helping find a more reproducible test case. This switch can be particularly useful for those who are willing to build their apps from source, so that their executable will be different from anybody else's built from the identical source. It shouldn't be hard to implement. -- | |||
Permalink
ReplyCopyright © 1999-2021 by the D Language Foundation