Kernel support for control-flow enforcement [LWN.net]

As attackers have lost the easy ability to execute code stored in writable
memory, they have increasingly turned to return-oriented
programming (ROP) and related techniques to compromise vulnerable
systems. ROP attacks use the code that is present in the program under
attack and are hard to defend against in software. In response, hardware
vendors are developing ways to defeat ROP-like techniques at a lower
level. One of the results is Intel's Control-Flow
Enforcement Technology (CET), which adds two mechanisms (shadow
stacks and indirect-branch tracking) that are intended to resist these
attacks. Yu-cheng Yu recently posted a set
of patches showing how this technology is to be used to defend Linux
systems.
