On Mon, Sep 14, 2020 at 2:14 PM Dave Hansen <dave.hansen@xxxxxxxxx> wrote:
>
> On 9/14/20 11:31 AM, Andy Lutomirski wrote:
> > No matter what we do, the effects of calling vfork() are going to be a
> > bit odd with SHSTK enabled. I suppose we could disallow this, but
> > that seems likely to cause its own issues.
>
> What's odd about it? If you're a vfork()'d child, you can't touch the
> stack at all, right? If you do, you or your parent will probably die a
> horrible death.
>

An evil program could vfork(), have the child do a bunch of returns and
a bunch of calls, and exit. The net effect would be to change the
parent's shadow stack contents. In a sufficiently strict model, this is
potentially problematic.

The question is: how much do we want to protect userspace from itself?

--Andy
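Added example (not part of the thread, and not code from the CET patch series): a small C program showing the premise behind Andy's scenario, namely that a vfork() child runs on the parent's own stack, so every call and return the child makes lands in memory the parent will reuse after the child exits. On CET hardware with SHSTK enabled the same holds for the shadow stack, which is what makes child-side returns and calls able to rewrite the parent's shadow stack entries. The program only makes the child do calls and returns below the parent's frame and then _exit(); it deliberately does not attempt the "return out of the vfork caller's frame, then call" sequence, which clobbers the parent's regular stack as well and whose shadow-stack effect is only observable on SHSTK-capable hardware. Assumptions: Linux, GCC or Clang (for __attribute__((noinline))), and a downward-growing stack (x86-64, arm64); the function and type names are my own.

```c
/* Added example, not from the thread: a vfork() child runs on the parent's
 * own stack (and, with SHSTK, the parent's shadow stack), so the frames it
 * pushes and pops are the parent's memory.  Assumes Linux, GCC/Clang, and a
 * downward-growing stack (x86-64 or arm64). */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

pid_t vfork(void); /* hedge for strict -std modes; matches glibc's declaration */

/* Written by whichever side runs probe().  Because vfork() shares the address
 * space, the parent sees the child's write (after fork() it would not). */
static volatile uintptr_t g_lowest_frame;
static volatile int g_child_ran;

/* Recurse 'depth' frames deep, recording the lowest frame address seen.
 * noinline plus the volatile local keep the compiler from flattening this into
 * a loop, so every level is a real call and return (a real shadow-stack push
 * and pop when SHSTK is enabled). */
__attribute__((noinline)) static int probe(int depth)
{
    volatile char marker = (char)depth;
    uintptr_t here = (uintptr_t)&marker;
    if (here < g_lowest_frame)
        g_lowest_frame = here;
    if (depth == 0)
        return (int)marker;
    return probe(depth - 1) + 1;   /* not a tail call, so a frame stays live */
}

/* Hypothetical result type: where the child's deepest frame landed versus the
 * parent's own deepest frame for the identical call chain. */
struct vfork_probe_result {
    int child_ran;          /* 1 if the child's global write was visible */
    uintptr_t child_low;    /* lowest frame address reached in the child */
    uintptr_t parent_low;   /* same, run by the parent from the same call site */
    uintptr_t caller_frame; /* address of a local in this function's frame */
};

struct vfork_probe_result run_vfork_probe(int depth)
{
    struct vfork_probe_result r = {0};
    volatile char caller_marker = 0;
    r.caller_frame = (uintptr_t)&caller_marker;

    g_lowest_frame = UINTPTR_MAX;
    g_child_ran = 0;

    pid_t pid = vfork();
    if (pid < 0) {
        perror("vfork");
        return r;
    }
    if (pid == 0) {
        /* Child: a burst of calls and returns, then _exit().  Every push and
         * pop happened on the parent's stack.  POSIX sanctions only
         * _exit()/exec here; this is exactly the "odd" behaviour under
         * discussion.  Only volatile globals are touched, never locals. */
        probe(depth);
        g_child_ran = 1;
        _exit(0);
    }
    waitpid(pid, NULL, 0);

    r.child_ran = g_child_ran;
    r.child_low = g_lowest_frame;

    /* Parent: the same call chain from the same frame reuses the same region
     * the child just wrote through. */
    g_lowest_frame = UINTPTR_MAX;
    probe(depth);
    r.parent_low = g_lowest_frame;
    return r;
}

int main(void)
{
    struct vfork_probe_result r = run_vfork_probe(16);
    printf("child ran (write visible to parent): %d\n", r.child_ran);
    printf("caller frame        : %#lx\n", (unsigned long)r.caller_frame);
    printf("child deepest frame : %#lx\n", (unsigned long)r.child_low);
    printf("parent deepest frame: %#lx\n", (unsigned long)r.parent_low);
    return 0;
}
```

Both deepest-frame addresses come out below the caller's frame and (in practice) identical, because child and parent issued the same calls from the same stack pointer; that shared region is the one an "evil" child could rearrange before _exit(). Note that nothing here checks the shadow stack itself: whether the kernel gives the vfork() child its own shadow stack or lets it use the parent's is exactly the design question the thread is about.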