Re: [PATCH] hardening: Refresh KCFI options, add some more

From: Peter Zijlstra
Date: Wed May 01 2024 - 07:07:06 EST

Next message: Mike Leach: "Re: [PATCH 09/17] coresight: Clarify comments around the PID of the sink owner"
Previous message: Mike Leach: "Re: [PATCH 08/17] coresight: Remove unused stubs"
Next in thread: Kees Cook: "Re: [PATCH] hardening: Refresh KCFI options, add some more"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 30, 2024 at 10:48:36AM -0700, Kees Cook wrote:
> On Tue, Apr 30, 2024 at 11:21:40AM +0200, Peter Zijlstra wrote:
> > On Fri, Apr 26, 2024 at 03:29:44PM -0700, Kees Cook wrote:
> >
> > > - CONFIG_CFI_CLANG=y for x86 and arm64. (And disable FINEIBT since
> > > it isn't as secure as straight KCFI.)
> >
> > Oi ?
>
> Same objection I always had[1]: moving the check into the destination
> means attacks with control over executable memory contents can just omit
> the check.

I thought it was game over if you could write arbitrary test anyway?

The whole CFI thing was about clobbering data (function pointers to be
more specific), and both are robust against that.

Next message: Mike Leach: "Re: [PATCH 09/17] coresight: Clarify comments around the PID of the sink owner"
Previous message: Mike Leach: "Re: [PATCH 08/17] coresight: Remove unused stubs"
Next in thread: Kees Cook: "Re: [PATCH] hardening: Refresh KCFI options, add some more"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]