On Thu, Jun 7, 2018 at 7:41 AM Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx> wrote: > > This series introduces CET - Shadow stack I think you should add some mitigation against sigreturn-oriented programming. How about creating some special token on the shadow stack that indicates the presence of a signal frame at a particular address when delivering a signal and verifying and popping that token in sigreturn? The token could be literally the address of the signal frame, and you could make this unambiguous by failing sigreturn if CET is on and the signal frame is in executable memory. IOW, it would be a shame if sigreturn() itself became a convenient CET-bypassing gadget. --Andy
