Re: [PATCH 00/10] Control Flow Enforcement - Part (3)

From: Andy Lutomirski
Date: Tue Jun 26 2018 - 01:27:37 EST

Next message: kbuild test robot: "Re: [PATCH V4 3/3] scsi: ufs: Add configfs support for ufs provisioning"
Previous message: jdow: "Re: moving affs + RDB partition support to staging?"
In reply to: Yu-cheng Yu: "Re: [PATCH 00/10] Control Flow Enforcement - Part (3)"
Next in thread: Yu-cheng Yu: "Re: [PATCH 00/10] Control Flow Enforcement - Part (3)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jun 7, 2018 at 7:41 AM Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx> wrote:
>
> This series introduces CET - Shadow stack

I think you should add some mitigation against sigreturn-oriented
programming. How about creating some special token on the shadow
stack that indicates the presence of a signal frame at a particular
address when delivering a signal and verifying and popping that token
in sigreturn? The token could be literally the address of the signal
frame, and you could make this unambiguous by failing sigreturn if CET
is on and the signal frame is in executable memory.

IOW, it would be a shame if sigreturn() itself became a convenient
CET-bypassing gadget.

--Andy

Next message: kbuild test robot: "Re: [PATCH V4 3/3] scsi: ufs: Add configfs support for ufs provisioning"
Previous message: jdow: "Re: moving affs + RDB partition support to staging?"
In reply to: Yu-cheng Yu: "Re: [PATCH 00/10] Control Flow Enforcement - Part (3)"
Next in thread: Yu-cheng Yu: "Re: [PATCH 00/10] Control Flow Enforcement - Part (3)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]