Regarding cost, a few years back, I implemented a shadow stack system via static binary rewriting. The overhead was very low, 1-2%. SafeStack claims < 0.1%.
Ah, Return Flow Guard is cool - I did not know that MS had done that!
I like SafeStack, but was disappointed to learn about the limitations with shared libraries. Some SafeStack is better than no SafeStack though, and it can probably be turned on without too much effort.