OpenBSD now has Trapsleds to make life harder for ROPers

You heard it here (or on tech@) first: Trapsleds are in, and it makes OpenBSD even safer. Work done by Todd Mortimer and submitted to tech@ in the Trapsleds thread was later committed by Theo de Raadt.

Todd's message to tech says,

I have attached a patch that converts NOP padding from the assemblerinto INT3 padding on amd64. The idea is to remove potentially conveinentNOP sleds from programs and libraries, which makes it harder for anattacker to hit any ROP gadgets or other instructions after a NOP sled.

Read more...