Cook: security things in Linux v5.8
Kees Cook catches up with the security-related changes in the 5.8 kernel release.

"With this in place, Jump-Oriented Programming (JOP, where code gadgets are chained together with jumps and calls) is no longer available to the attacker. An attacker’s code must make direct function calls. This basically reduces the 'usable' code available to an attacker from every word in the kernel text to only function entries (or jump targets). This is a 'low granularity' forward-edge Control Flow Integrity (CFI) feature, which is important (since it greatly reduces the potential targets that can be used in an attack) and cheap (implemented in hardware). It’s a good first step to strong CFI, but (as we’ve seen with things like CFG) it isn’t usually strong enough to stop a motivated attacker."
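The granularity point in the quoted paragraph (the arm64 BTI landing pads Cook is describing, and Microsoft's CFG before them, only check that an indirect branch lands on *some* function entry) is easier to see with a software model of the check. The following is an added example, not code from Cook's post or from the kernel: a dispatcher calls through a function pointer the attacker may have corrupted, and the target is vetted under three policies before the call is made. The `entries` table standing in for landing pads, the type strings standing in for compiler type ids, the hypothetical `handle_setuid` target and the "entry plus 2 bytes" gadget address are all assumptions made for illustration; real BTI needs no table, the CPU simply faults when an indirect branch lands on a word that is not a BTI instruction.

```c
/*
 * Added example: a software model of forward-edge CFI granularity.
 * Before an indirect call, the target is checked under one of:
 *   CFI_NONE   - no check; any word of text is reachable (ROP/JOP gadgets)
 *   CFI_COARSE - target must be *some* function entry, which is what a
 *                BTI landing pad (or a CFG bitmap) enforces
 *   CFI_TYPED  - target must be a function entry whose signature matches
 *                the call site (Clang -fsanitize=cfi-icall style)
 * The `entries` table is this model's stand-in for landing pads (assumption).
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int  (*handler_fn)(int);   /* the type the dispatcher expects  */
typedef void (*code_addr)(void);   /* generic "address of code" holder */

/* Handlers of the expected type int(int). */
static int handle_add(int x)      { return x + 1; }
static int handle_double(int x)   { return x * 2; }
/* Same type, but a target an attacker would rather reach (hypothetical). */
static int handle_setuid(int uid) { return uid == 0 ? 1 : 0; }
/* A function entry of a different type. */
static void notify_log(void)      { puts("audit event"); }

struct cfi_entry {
    code_addr   addr;
    const char *type;   /* stands in for a compiler-generated type id */
    const char *name;
};

/* Every function entry in our "kernel text": the set of valid landing pads. */
static const struct cfi_entry entries[] = {
    { (code_addr)handle_add,    "int(int)",   "handle_add"    },
    { (code_addr)handle_double, "int(int)",   "handle_double" },
    { (code_addr)handle_setuid, "int(int)",   "handle_setuid" },
    { (code_addr)notify_log,    "void(void)", "notify_log"    },
};

enum cfi_policy { CFI_NONE = 0, CFI_COARSE = 1, CFI_TYPED = 2 };

/* Is an indirect call to `target` from a call site expecting
 * `expected_type` allowed under `policy`? */
static bool cfi_allows(enum cfi_policy policy, uintptr_t target,
                       const char *expected_type)
{
    if (policy == CFI_NONE)
        return true;
    for (size_t i = 0; i < sizeof entries / sizeof entries[0]; i++) {
        if ((uintptr_t)entries[i].addr != target)
            continue;
        /* Coarse: any entry will do. Typed: the signature must match too. */
        return policy == CFI_COARSE ||
               strcmp(entries[i].type, expected_type) == 0;
    }
    return false;   /* not a function entry: a mid-function gadget */
}

/* Bitmask of the policies (bit index = policy value) that let `target`
 * be called through a handler_fn pointer. */
static unsigned allowed_mask(uintptr_t target)
{
    unsigned mask = 0;
    for (int p = CFI_NONE; p <= CFI_TYPED; p++)
        if (cfi_allows((enum cfi_policy)p, target, "int(int)"))
            mask |= 1u << p;
    return mask;
}

/* The dispatcher. Returns -1 when the policy blocks the call. A corrupted
 * wrong-type pointer passed under CFI_NONE/CFI_COARSE would be invoked,
 * which is exactly the bug the stronger policies exist to stop. */
static int dispatch(enum cfi_policy policy, handler_fn fp, int arg)
{
    if (!cfi_allows(policy, (uintptr_t)fp, "int(int)"))
        return -1;
    return fp(arg);
}

int main(void)
{
    /* Attacker-chosen targets. The gadget address is the entry of
     * handle_add plus 2 bytes: inside the function, not at its entry. */
    struct { const char *what; uintptr_t target; } cases[] = {
        { "legit handler      ", (uintptr_t)(code_addr)handle_add     },
        { "mid-function gadget", (uintptr_t)(code_addr)handle_add + 2 },
        { "wrong-type entry   ", (uintptr_t)(code_addr)notify_log     },
        { "same-type entry    ", (uintptr_t)(code_addr)handle_setuid  },
    };
    puts("target               none coarse typed");
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        unsigned m = allowed_mask(cases[i].target);
        printf("%s %4s %6s %5s\n", cases[i].what,
               m & 1 ? "ok" : "BLK", m & 2 ? "ok" : "BLK", m & 4 ? "ok" : "BLK");
    }
    printf("dispatch(CFI_TYPED, handle_add, 41) = %d\n",
           dispatch(CFI_TYPED, handle_add, 41));
    return 0;
}
```

Build with `cc -Wall -O2 cfi_model.c && ./a.out`. The table it prints is the whole argument of the quoted paragraph in four rows: the coarse, entry-only check removes the mid-function gadget (every word of text is no longer a target) but still admits a call to `notify_log`, a function entry of the wrong type, and only the type-aware policy blocks that; even the typed policy lets `handle_setuid` through, because it has the same signature as the legitimate handlers, which is why Cook calls the hardware check a first step rather than strong CFI.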