An OpenBSD developer and professor shares findings from a research project with grad students that tested two ROP (return-oriented programming) attack mitigations originally developed for OpenBSD (alternative register selection and compile-time instruction rewriting) as ported to FreeBSD. The results fell significantly short of the original claims: gadget reductions were modest (0.3–3.6% vs. the claimed 6–11%), binary size increases were higher than claimed, and the two mitigations interact negatively when combined. Reviewers also noted that unique gadget count is not a meaningful security metric, since many gadgets are not exploitable. Because this research critiques OpenBSD security claims and the author is an OpenBSD developer, the author is semi-retiring from OpenBSD development to avoid conflicts of interest and plans to redirect their lab toward systematic academic review of BSD security innovations.