I meant particularly the return-to-libc type of attacks that the canary (to some extent) protects against, when I claimed immunity (and improved performance).
We have some stuff to talk about on the protecting authentication flags and things front too, but I'm afraid that'll have to wait for the Security talk.
One other security-related aspect that we have already presented is how stack debris is not readable once returned, so malicious code can't go looking at it.
We've also talked a little bit about how we don't have rings, and we have very cheap syscalls across protection boundaries. So there are some hints of stuff to come.
On the conceptual level, ROP and return into libc are the same thing. You need to start them by overwriting an address somewhere, and the return address is a natural candidate.