Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 9/16/2020 6:52 AM, Andy Lutomirski wrote:
On Mon, Sep 14, 2020 at 2:14 PM Dave Hansen <dave.hansen@xxxxxxxxx> wrote:

On 9/14/20 11:31 AM, Andy Lutomirski wrote:
No matter what we do, the effects of calling vfork() are going to be a
bit odd with SHSTK enabled.  I suppose we could disallow this, but
that seems likely to cause its own issues.

What's odd about it?  If you're a vfork()'d child, you can't touch the
stack at all, right?  If you do, you or your parent will probably die a
horrible death.


An evil program could vfork(), have the child do a bunch of returns
and a bunch of calls, and exit.  The net effect would be to change the
parent's shadow stack contents.  In a sufficiently strict model, this
is potentially problematic.

When a vfork child returns, its parent's shadow stack pointer is where it was before the child starts. To move the shadow stack pointer and re-use the content left by the child, the parent needs to use CALL, RET, INCSSP, or RSTORSSP. This seems to be difficult.


The question is: how much do we want to protect userspace from itself?
>

If any issue comes up, people can always find ways to counter it.

--Andy




[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux