Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



* Rick P. Edgecombe:

> On Sun, 2022-11-06 at 10:33 +0100, Florian Weimer wrote:
>> * H. J. Lu:
>> 
>> > This change doesn't make a binary CET compatible.  It just requires
>> > that the toolchain must be updated and all binaries have to be
>> > recompiled with the new toolchain to enable CET.  It doesn't solve
>> > any
>> > issue which can't be solved by not updating glibc.
>> 
>> Right, and it doesn't even address the library case (the kernel would
>> have to hook into mmap for that).  The kernel shouldn't do this.
>
> Shadow stack shouldn't enable as a result of loading a library, if
> that's what you mean.

It's the opposite—loading incompatible libraries needs to disable shadow
stack (or ideally, not enable it in the first place).  Technically, I
think most incompatible code resides in libraries, so this kernel change
achieves nothing besides punishing early implementations of the
published-as-finalized x86-64 ABI.

Thanks,
Florian






[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux