On Sun, Jan 30, 2022 at 11:57 PM Florian Weimer <fweimer@xxxxxxxxxx> wrote:
>
> * Rick Edgecombe:
>
> > For the current shadow stack implementation, shadow stacks' contents cannot
> > be arbitrarily provisioned with data. This property helps apps protect
> > themselves better, but also restricts any potential apps that may want to
> > do exotic things at the expense of a little security.
> >
> > The x86 shadow stack feature introduces a new instruction, wrss, which
> > can be enabled to write directly to shadow stack permissioned memory from
> > userspace. Allow it to get enabled via the prctl interface.
>
> Why can't this be turned on unconditionally?

WRSS can be a security risk since it defeats the whole purpose of Shadow
Stack. If an application needs to write to shadow stack, it can make a
syscall to enable it.

After the CET patches are checked into the Linux kernel, I will make a
proposal to allow applications or shared libraries to opt in to WRSS
through a linker option, a compiler option or a function attribute.

--
H.J.
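As an added illustration of the point made in this thread (not code from the patch series or from any participant): a process can ask the kernel whether its shadow stack is active and whether WRSS has been enabled on it, and treat an enabled WRSS as a downgrade, since the shadow stack becomes writable from user space. The example assumes the `arch_prctl` operation `ARCH_SHSTK_STATUS` and the feature bits `ARCH_SHSTK_SHSTK` / `ARCH_SHSTK_WRSS` as they exist in the upstream kernel's `asm/prctl.h` after the shadow stack work was merged; those names post-date this thread, so they are defined locally in case the build headers lack them. The assessment itself is a pure function over the reported bitmask, so it can be checked without CET hardware.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Assumed upstream arch_prctl values (post-merge ABI, not the names used by
   the patch series at the time of this thread). Defined here so the program
   builds on older headers. */
#ifndef ARCH_SHSTK_STATUS
#define ARCH_SHSTK_STATUS 0x5005
#endif
#ifndef ARCH_SHSTK_SHSTK
#define ARCH_SHSTK_SHSTK (1ULL << 0)
#endif
#ifndef ARCH_SHSTK_WRSS
#define ARCH_SHSTK_WRSS (1ULL << 1)
#endif

enum shstk_posture {
    SHSTK_OFF = 0,       /* no shadow stack: returns are unprotected          */
    SHSTK_PROTECTED = 1, /* shadow stack on, only the CPU's call/ret writes it */
    SHSTK_WRITABLE = 2   /* shadow stack on, but WRSS lets user code write it */
};

/* Pure policy function: interpret the feature bitmask the kernel reports.
   WRSS only matters when a shadow stack is actually active. */
enum shstk_posture shstk_assess(unsigned long long features)
{
    if (!(features & ARCH_SHSTK_SHSTK))
        return SHSTK_OFF;
    if (features & ARCH_SHSTK_WRSS)
        return SHSTK_WRITABLE;
    return SHSTK_PROTECTED;
}

const char *shstk_describe(enum shstk_posture p)
{
    switch (p) {
    case SHSTK_PROTECTED: return "shadow stack enabled, WRSS disabled (protected)";
    case SHSTK_WRITABLE:  return "shadow stack enabled, WRSS enabled (writable from userspace)";
    default:              return "shadow stack not enabled";
    }
}

/* Query the calling thread's shadow stack features. Returns 0 and fills
   *features on success, or -errno (e.g. -EINVAL on kernels without shadow
   stack support, -ENOSYS on non-x86 builds). */
int shstk_query(unsigned long long *features)
{
#ifdef SYS_arch_prctl
    *features = 0;
    if (syscall(SYS_arch_prctl, ARCH_SHSTK_STATUS, features) == -1)
        return -errno;
    return 0;
#else
    (void)features;
    return -ENOSYS;
#endif
}

int main(void)
{
    unsigned long long features;
    int rc = shstk_query(&features);

    if (rc < 0) {
        printf("shadow stack status unavailable (errno %d)\n", -rc);
        return 1;
    }
    printf("features=0x%llx: %s\n", features,
           shstk_describe(shstk_assess(features)));
    return 0;
}
```

On a kernel without shadow stack support the query fails with EINVAL and the program reports that rather than guessing; on a supporting kernel the `SHSTK_WRITABLE` posture is the one a hardening audit would flag, for exactly the reason given above.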