<p dir="ltr">Andrew,</p>
<p dir="ltr">CFG does not protect against a valid path computing invalid data, a.k.a. data-only attacks. I believe that is what Sergey meant, but copying him to grow the discussion ;)<br></p>
<p dir="ltr">regards,</p>
<div class="gmail_quote">On Dec 11, 2015 6:40 AM, "Andrew" &lt;<a href="mailto:munin@mimisbrunnr.net">munin@mimisbrunnr.net</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">> Dr. Sergey Bratus did an excellent job of looking at how there is NO<br>
WAY TO DEFINE THE STANDARD EXECUTION PATH OF A PROGRAM.<br>
<br>
Really?<br>
<br>
What about the information that Control Flow Guard generates? Then<br>
there's a map of "for each indirect branch, these are the allowable<br>
targets of that indirect branch." It seems that any control flow<br>
integrity system builds and describes some approximation of the<br>
"standard execution paths of a program" by design.<br>
<br>
Of course even if you get "execution path" right it doesn't even capture<br>
stuff like side channels, which I guess is what Bratus is talking about<br>
when he says "Advanced exploitation is rapidly becoming synonymous with<br>
the system operating exactly as designed — and yet getting manipulated<br>
by attackers" although I don't know if "attacks from the 70s" are really<br>
"advanced" ...<br>
<br>
On 12/09/2015 02:30 PM, Dave Aitel wrote:<br>
> <a href="http://cybersecpolitics.blogspot.com/2015/12/the-force-awakens-dec-8-wassenaar.html" rel="noreferrer" target="_blank">http://cybersecpolitics.blogspot.com/2015/12/the-force-awakens-dec-8-wassenaar.html</a><br>
><br>
> You should read that probably. Basically everyone on this list is<br>
> affected by those issues.<br>
><br>
> -dave<br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> Dailydave mailing list<br>
> <a href="mailto:Dailydave@lists.immunityinc.com">Dailydave@lists.immunityinc.com</a><br>
> <a href="https://lists.immunityinc.com/mailman/listinfo/dailydave" rel="noreferrer" target="_blank">https://lists.immunityinc.com/mailman/listinfo/dailydave</a><br>
><br>
</blockquote></div>
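<p dir="ltr">The two points in this thread side by side, as an added example that is not part of any message above: a toy per-call-site table of allowable indirect-branch targets, and a data-only corruption that changes the outcome without ever leaving that table. All names are hypothetical and the check is a simplified model, not Control Flow Guard's implementation.</p>

```c
#include <stdio.h>
#include <string.h>
/* Added toy model with hypothetical names; not Control Flow Guard's own code. */
typedef int (*handler_t)(void);
static int user_handler(void)  { return 0; }  /* unprivileged path */
static int admin_handler(void) { return 1; }  /* privileged path */
static int unlisted(void)      { return 2; }  /* never a legal target here */
/* Allowable targets of the one indirect call site in dispatch(). */
static const handler_t allowed[] = { user_handler, admin_handler };

static int cfi_check(handler_t target) {       /* 1 = target permitted */
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (allowed[i] == target) return 1;
    return 0;
}

struct session {
    char name[16];
    int  is_admin;  /* non-control data that selects between valid paths */
};

/* bounded == 0 trusts the caller's length, so bytes past name[] reach
 * is_admin (done as one byte copy over the struct to stay well defined). */
static void set_name(struct session *s, const unsigned char *in, size_t len, int bounded) {
    size_t max = bounded ? sizeof s->name - 1 : sizeof *s;
    if (len > max) len = max;
    memcpy(s, in, len);
    if (bounded) s->name[len] = '\0';
}

/* -1 if the check rejects the call, otherwise the handler's result. */
static int dispatch(const struct session *s) {
    handler_t h = s->is_admin ? admin_handler : user_handler;
    return cfi_check(h) ? h() : -1;
}

/* Constructed input: every byte 'A', as long as the whole struct. */
static int run(int bounded) {
    unsigned char in[sizeof(struct session)];
    struct session s = { "", 0 };
    memset(in, 'A', sizeof in);
    set_name(&s, in, sizeof in, bounded);
    return dispatch(&s);
}

int main(void) {
    printf("unbounded=%d bounded=%d unlisted=%d\n", run(0), run(1), cfi_check(unlisted));
    return 0;
}
```

<p dir="ltr">In the unbounded case the target check passes and the privileged handler still runs, because only data was changed; the length bound in <code>set_name</code>, not the target table, is what stops it.</p>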