Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace

On 10/3/22 15:28, Kees Cook wrote:
> On Thu, Sep 29, 2022 at 03:29:26PM -0700, Rick Edgecombe wrote:
>> For the current shadow stack implementation, shadow stacks contents easily
>> be arbitrarily provisioned with data.
>
> I can't parse this sentence.
>
>> This property helps apps protect
>> themselves better, but also restricts any potential apps that may want to
>> do exotic things at the expense of a little security.
>
> Is anything using this right now? Wouldn't things be safer without WRSS?
> (Why can't we skip this patch?)


So that people don't write programs that need either (shstk off) or (shstk on and WRSS on) and crash or otherwise fail on kernels that support shstk but don't support WRSS, perhaps?


