This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: PoC: Function Pointer Protection in C Programs
- From: OndÅej BÃlka <neleai at seznam dot cz>
- To: Stephen Röttger <stephen dot roettger at gmail dot com>
- Cc: oss-security at lists dot openwall dot com, gcc at gcc dot gnu dot org
- Date: Wed, 21 Aug 2013 18:26:03 +0200
- Subject: Re: PoC: Function Pointer Protection in C Programs
- References: <5214D201 dot 1010509 at googlemail dot com>
On Wed, Aug 21, 2013 at 04:43:13PM +0200, Stephen Röttger wrote:
> Hi everyone,
>
> I'd like to present you my master's thesis "Malicious Code Execution
> Prevention through Function Pointer Protection" [0] and its
> proof-of-concept implementation [1] for the gcc+glibc and would
> appreciate some feedback.
>
>
> Performance:
> Though my PoC implementation is not free of bugs, I was able to compile
> an nginx webserver and have it serve static websites, which I used for a
> performance evaluation. On my test system, the number of requests per
> second that the nginx could was reduced to 96% compared to a nginx
> without the scheme. Handling of a single request included 71 function
> pointer calls in this case. (More details can be found in my thesis [0])
>
What is performance impact for program that just qsorts big array? It
looks like worst case scenario for me.
Well now when gcc-4.7 can resolve function pointers it is possible to
create header to inline comparison but still.