On 06/20/2016 02:08 PM, Michael Matz wrote:
P.S: Though I do feel these ROP counter measures are not much more than security by obscurity; I guess enough obscurity indeed can at least lead to harder to exploit programs.
I think security by obscurity is the wrong term for this. But I kind of know what you are saying, and at the moment none of us are probably in a position to say how much harder this makes exploits. We are however also working on tools that should help answer such questions, and hopefully we'll eventually be able to accumulate enough pieces like this one to make a real difference.
Bernd
