On Mon, 2018-06-25 at 22:26 -0700, Andy Lutomirski wrote:
> On Thu, Jun 7, 2018 at 7:41 AM Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
> wrote:
> >
> > This series introduces CET - Shadow stack
>
> I think you should add some mitigation against sigreturn-oriented
> programming. How about creating some special token on the shadow
> stack that indicates the presence of a signal frame at a particular
> address when delivering a signal and verifying and popping that token
> in sigreturn? The token could be literally the address of the signal
> frame, and you could make this unambiguous by failing sigreturn if CET
> is on and the signal frame is in executable memory.
>
> IOW, it would be a shame if sigreturn() itself became a convenient
> CET-bypassing gadget.
>
> --Andy

I will look into that.

Thanks,
Yu-cheng
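The token scheme Andy sketches above, as an added toy model in C (not kernel code and not part of the patch series): signal delivery pushes the signal-frame address onto a simulated shadow stack, and sigreturn only succeeds when the frame it is asked to restore matches the top token and does not live in executable memory, consuming the token on success. The struct names, the fixed-size shadow stack and the two-region memory map are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not Linux kernel code: a model of "push the signal-frame
 * address as a token at delivery, verify and pop it in sigreturn". */

#define SHSTK_DEPTH 16

struct shstk {
    uint64_t slots[SHSTK_DEPTH];  /* tokens, oldest first */
    size_t top;                   /* number of live entries */
};

/* Constructed memory map (assumption): one executable region, one not. */
struct region { uint64_t start, end; bool exec; };
static const struct region memmap[] = {
    { 0x400000, 0x401000, true  },  /* text: executable */
    { 0x7ff000, 0x800000, false },  /* user stack: not executable */
};

static bool is_executable(uint64_t addr) {
    for (size_t i = 0; i < sizeof memmap / sizeof memmap[0]; i++)
        if (addr >= memmap[i].start && addr < memmap[i].end)
            return memmap[i].exec;
    return false;  /* unmapped addresses are treated as non-executable here */
}

/* Signal delivery: record the frame address as a token on the shadow stack. */
static bool deliver_signal(struct shstk *s, uint64_t frame) {
    if (s->top >= SHSTK_DEPTH)
        return false;             /* shadow stack full: delivery fails */
    s->slots[s->top++] = frame;
    return true;
}

enum sigret_result {
    SIGRET_OK = 0,
    SIGRET_NO_TOKEN,        /* sigreturn with no preceding signal delivery */
    SIGRET_TOKEN_MISMATCH,  /* frame address differs from the recorded token */
    SIGRET_FRAME_EXEC       /* frame placed in executable memory */
};

/* sigreturn: with CET on, the frame must match the top token and must not be
 * in executable memory. The token is popped only when every check passes. */
static enum sigret_result sigreturn_check(struct shstk *s, uint64_t frame, bool cet_on) {
    if (!cet_on)
        return SIGRET_OK;         /* legacy behaviour: no token check */
    if (is_executable(frame))
        return SIGRET_FRAME_EXEC;
    if (s->top == 0)
        return SIGRET_NO_TOKEN;
    if (s->slots[s->top - 1] != frame)
        return SIGRET_TOKEN_MISMATCH;
    s->top--;
    return SIGRET_OK;
}

int main(void) {
    struct shstk s = {0};
    deliver_signal(&s, 0x7ff800);                     /* kernel delivers a signal */
    printf("forged frame:   %d\n", sigreturn_check(&s, 0x7ff900, true));
    printf("frame in text:  %d\n", sigreturn_check(&s, 0x400100, true));
    printf("genuine frame:  %d\n", sigreturn_check(&s, 0x7ff800, true));
    printf("no delivery:    %d\n", sigreturn_check(&s, 0x7ff800, true));
    return 0;
}
```

The main() walks the four cases in order: a frame at the wrong address, a frame inside the text segment, the genuine frame (which pops the token), and a second sigreturn with no delivery behind it, which is the case the token is meant to reject.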