PING [Patch][Middle-end] Add -fzero-call-used-regs=[skip|used-gpr|all-gpr|used|all]
Qing Zhao
QING.ZHAO@ORACLE.COM
Tue Sep 15 03:07:31 GMT 2020
> On Sep 14, 2020, at 6:09 PM, Segher Boessenkool <segher@kernel.crashing.org> wrote:
>
> On Fri, Sep 11, 2020 at 05:41:47PM -0500, Qing Zhao wrote:
>>> On Sep 11, 2020, at 4:51 PM, Segher Boessenkool <segher@kernel.crashing.org> wrote:
>>> It is definitely *not* effective if there are gadgets that set rax to
>>> a value the attacker wants and then do a syscall.
>>
>> You mean the following gadget:
>>
>>
>> Gadget 1:
>>
>> mov rax, value
>> syscall
>> ret
>
> No, just
>
> mov rax,59
> syscall
>
> (no ret necessary!)
But for ROP, a typical gadget should end with a “ret” (or indirect branch), right?
Qing
>
> I.e. just anything that already does an execve.
>
>
> Segher