From da757910c8cabf97183aa4d7274b18dfb4efd004 Mon Sep 17 00:00:00 2001 From: Ward Wouts Date: Mon, 13 Mar 2023 15:36:58 +0100 Subject: [PATCH] a bit more on mitigations and the workarounds for those --- index.html | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/index.html b/index.html index 33e7475..2e2b30e 100644 --- a/index.html +++ b/index.html @@ -384,13 +384,13 @@ template: inverse ] .right-column[ - Stack canaries
- Place a value before the return address and check if it's been changed before returning from a function. (Good explainer here: https://www.sans.org/blog/stack-canaries-gingerly-sidestepping-the-cage/) + Place a value before the return address and check if it's been changed before returning from a function. Good explainer here: https://www.sans.org/blog/stack-canaries-gingerly-sidestepping-the-cage/ - Nonexecutable stack
- W^X (write or execute) won't execute code on the stack (but will still follow return addresses). + W^X (write or execute) won't execute code on the stack, but will still follow return addresses. This is why ROP (return oriented programming) was invented. And later JOP (jump oriented programming). - Randomization
- Change function and stack addresses around so whenever a program is executed the locations are different. + Change function and stack addresses around so whenever a program is executed the locations are different. (On 32-bit linux only 12-bits are used for this randomization though. Which gives 4096 options, leading to a success onnce every 2048 attempts on average.) -All these can be worked around given the right conditions. They just make things annoying, euh, harder. +All these can be worked around given the right conditions. They just make things annoying, euh, harder. Better is to not have buffers with these issues in the first place. ] --- template: inverse
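Review bot: the replacement Randomization line has a typo ("onnce" for "once") and a sentence fragment ("... 12-bits are used for this randomization though. Which gives 4096 options ..."); suggest `(On 32-bit Linux only 12 bits are used for this randomization, which gives 4096 options and a success once every 2048 attempts on average.)`. The 2048 figure holds only for a brute force that never repeats a guess; with independent random guesses the expected number of attempts is 4096, so it is worth stating which model is meant. In the Nonexecutable stack line, "W^X (write or execute)" should read "write xor execute": the caret is the XOR operator and the property is that a page may be writable or executable but never both at once.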