On 10/3/22 11:39, Kees Cook wrote:
On Thu, Sep 29, 2022 at 03:29:19PM -0700, Rick Edgecombe wrote:
[...]
Still allow FOLL_FORCE to write through shadow stack protections, as it
does for read-only protections.
As I asked in the cover letter: why do we need to add this for shstk? It
was a mistake for general memory. :P
For debuggers, which use FOLL_FORCE, quite intentionally, to modify
text. And once a debugger has ptrace write access to a target, shadow
stacks provide exactly no protection -- ptrace can modify text and all
registers.
But /proc/.../mem may be a different story, and I'd be okay with having
FOLL_PROC_MEM for legacy compatibility via /proc/.../mem and not
allowing that to access shadow stacks. This does seem like it may not
be very useful, though.
