Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace

On Mon, Oct 03, 2022 at 03:28:47PM -0700, Kees Cook wrote:
> On Thu, Sep 29, 2022 at 03:29:26PM -0700, Rick Edgecombe wrote:
> > For the current shadow stack implementation, shadow stacks contents easily
> > be arbitrarily provisioned with data.
> 
> I can't parse this sentence.
> 
> > This property helps apps protect
> > themselves better, but also restricts any potential apps that may want to
> > do exotic things at the expense of a little security.
> 
> Is anything using this right now? Wouldn't things be safer without WRSS?
> (Why can't we skip this patch?)

CRIU uses WRSS to restore the shadow stack contents.
 
> -- 
> Kees Cook

-- 
Sincerely yours,
Mike.


