Incredible how C and C++ have managed to keep the security industry busy. Not th... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

pjmlp on July 22, 2020 | parent | context | favorite | on: RIP ROP: CET Internals in Windows 20H1

Incredible how C and C++ have managed to keep the security industry busy.

Not that other languages don't have logical errors that might lead to security exploits, but in what concerns memory corruption exploits, the mitigation list just keeps pilling up.

Looking forward to how long ARM hardware memory tagging will hold on, after Intel's MPX failure.

At least so far Solaris SPARC ADI seems to hold on.

saagarjha on July 22, 2020 [–]

MPX was totally slow and cumbersome, ARM tagging should be much nicer as will be CHERI when it actually comes out.

pjmlp on July 22, 2020 | [–]

Sure, it doesn't change the fact that Intel borked it and is yet to provide a better alternative.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact