Interesting technique by Todd Mortimer to reduce the number of gadgets on x86 even further: https://marc.info/?l=openbsd-tech&m=150869222214001&w=2 #OpenBSD #clang
Todd Mortimer just landed his #RETGUARD mitigation work (aka #clang -fret-protector) into #OpenBSD -current, and enabled by default.
This uses OpenBSD's random-data memory feature, which was used by the stack protector to provide per-shared-object cookies.
https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/libexec/ld.so/SPECS.randomdata
https://www.openbsd.org/innovations.html
"In this way RETGUARD is an improved stack protector, since the cookies are per-function."
"In the kernel, this has the effect of removing approximately 50% of total #ROP gadgets, and 15% of unique ROP gadgets compared to the 6.3 release kernel." #OpenBSD
😎
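A small C model of the per-function cookie check the posts above describe, added here as an illustration; it is not code from OpenBSD or from Todd Mortimer's patch. It assumes RETGUARD's scheme of XORing the cookie with the return address in the prologue and re-checking it in the epilogue; the function names, addresses and cookie values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed cookies; real ones live in the random-data section. */
static const uint64_t COOKIE_F = 0x9e3779b97f4a7c15ULL;
static const uint64_t COOKIE_G = 0xc2b2ae3d27d4eb4fULL;

struct frame {
    uint64_t saved;   /* cookie ^ return address, stored by the prologue */
    uint64_t retaddr; /* return address slot on the stack */
};

/* Prologue: bind the return address to this function's cookie. */
static void rg_prologue(struct frame *fr, uint64_t cookie, uint64_t ret) {
    fr->retaddr = ret;
    fr->saved = cookie ^ ret;
}

/* Epilogue: 1 = return proceeds, 0 = instrumented code would trap. */
static int rg_epilogue(const struct frame *fr, uint64_t cookie) {
    return (fr->saved ^ fr->retaddr) == cookie;
}

/* Untouched frame. */
int case_clean(void) {
    struct frame f;
    rg_prologue(&f, COOKIE_F, 0x401000);
    return rg_epilogue(&f, COOKIE_F);
}

/* Return address slot changed after the prologue ran. */
int case_corrupted(void) {
    struct frame f;
    rg_prologue(&f, COOKIE_F, 0x401000);
    f.retaddr = 0x402000;
    return rg_epilogue(&f, COOKIE_F);
}

/* A frame built under g()'s cookie, checked against the cookie f()'s
 * epilogue uses: equal cookies model one shared per-object cookie. */
int case_foreign_frame(uint64_t cookie_of_f) {
    struct frame g;
    rg_prologue(&g, COOKIE_G, 0x401000);
    return rg_epilogue(&g, cookie_of_f);
}

int main(void) {
    printf("clean=%d corrupted=%d per-function=%d shared=%d\n", case_clean(),
           case_corrupted(), case_foreign_frame(COOKIE_F),
           case_foreign_frame(COOKIE_G));
}
```

The last two cases show the difference the quoted sentence points at: frame contents that verify under one function's cookie are rejected by another function's epilogue, whereas a single cookie shared across the object would accept them.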