> > On Tue, 2023-01-24 at 17:26 +0100, David Hildenbrand wrote: > > > > > Isn't it possible to overwrite GOT pointers using the same vector? > > > > > So I think it's merely reflecting the status quo. > > > > > > > > There was some debate on this. /proc/self/mem can currently write > > > > through read-only memory which protects executable code. So should > > > > shadow stack get separate rules? Is ROP a worry when you can > > > > overwrite executable code? > > > > > > > > > > The question is, if there is reasonable debugging reason to keep it. > > > I > > > assume if a debugger would adjust the ordinary stack, it would have > > > to adjust the shadow stack as well (oh my ...). So it sounds > > > reasonable to have it in theory at least ... not sure when debugger > > > would support that, but maybe they already do. > > > > GDB support for shadow stack is queued up for whenever the kernel > > interface settles. I believe it just uses ptrace, and not this proc. > > But yea ptrace poke will still need to use FOLL_FORCE and be able to > > write through shadow stacks. > > Our patches for GDB use /proc/PID/mem to read/write shadow stack > memory. > However, I think it should be possible to change this to ptrace but GDB > normally uses /proc/PID/mem to read/write target memory. > > Regards, > Christina I just noticed that GDBSERVER actually uses ptrace, so our patches currently use both: ptrace and proc/PID/mem to read/write shadow stack memory. Regards, Christina Intel Deutschland GmbH Registered Address: Am Campeon 10, 85579 Neubiberg, Germany Tel: +49 89 99 8853-0, www.intel.de <http://www.intel.de> Managing Directors: Christin Eisenschmid, Sharon Heck, Tiffany Doon Silva Chairperson of the Supervisory Board: Nicole Lau Registered Office: Munich Commercial Register: Amtsgericht Muenchen HRB 186928
