Re: [PATCH] hardening: Refresh KCFI options, add some more

From: Peter Zijlstra
Date: Wed May 01 2024 - 07:07:06 EST


On Tue, Apr 30, 2024 at 10:48:36AM -0700, Kees Cook wrote:
> On Tue, Apr 30, 2024 at 11:21:40AM +0200, Peter Zijlstra wrote:
> > On Fri, Apr 26, 2024 at 03:29:44PM -0700, Kees Cook wrote:
> >
> > > - CONFIG_CFI_CLANG=y for x86 and arm64. (And disable FINEIBT since
> > > it isn't as secure as straight KCFI.)
> >
> > Oi ?
>
> Same objection I always had[1]: moving the check into the destination
> means attacks with control over executable memory contents can just omit
> the check.

I thought it was game over if you could write arbitrary test anyway?

The whole CFI thing was about clobbering data (function pointers to be
more specific), and both are robust against that.