diff for duplicates of <1529622448.30393.22.camel@intel.com> diff --git a/a/1.txt b/N1/1.txt index cbd4c86..8838e30 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -98,3 +98,7 @@ Can we mandate a signal handler (to turn off CET) when ((dlopen is used Ok, got it. Yu-cheng +-- +To unsubscribe from this list: send the line "unsubscribe linux-doc" in +the body of a message to majordomo@vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 6d6b77c..5d32dbc 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -148,6 +148,10 @@ "\n" "Ok, got it.\n" "\n" - Yu-cheng + "Yu-cheng\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-doc\" in\n" + "the body of a message to majordomo@vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -47445f51c9dde4c7a25132ee7f3475c6b5b91c530d9b5365f238eb249c9b3247 +a1dc6088a7747d1102b92ac59bf40efd2848dd7d0849143446cdcd21b9646cdc
diff --git a/a/1.txt b/N2/1.txt index cbd4c86..42d83b8 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -36,20 +36,20 @@ On Tue, 2018-06-19 at 17:50 -0700, Andy Lutomirski wrote: > > > No, other way around. The valid CET states are on/unlocked, > > > off/unlocked, on/locked, off/locked. arch_prctl can freely the > > > state -> > > unless locked. ptrace can change it no matter what. The lock is +> > > unless locked. ptrace can change it no matter what.A A The lock is > > > to > > > prevent the existence of a gadget to disable CET (unless the > > > gadget -> > > involves ptrace, but I don’t think that’s a real concern). +> > > involves ptrace, but I dona??t think thata??s a real concern). > > We have the arch_prctl now and only need to add ptrace lock/unlock. > > > > Back to the dlopen() "relaxed" mode. Would the following work? > > > > If the lib being loaded does not use setjmp/getcontext families > > (the -> > loader knows?), then the loader leaves shstk on. -> Will that actually work? Are there libs that do something like -> longjmp without actually using the glibc longjmp routine? What about +> > loader knows?), then the loader leaves shstk on.A A +> Will that actually work?A A Are there libs that do something like +> longjmp without actually using the glibc longjmp routine?A A What about > compilers that statically match a throw to a catch and try to return > through several frames at once? > @@ -60,14 +60,14 @@ handled. To summarize the dlopen() situation, ---- -(1) We don't want to fall back like the following. One reason is +(1) We don't want to fall back like the following. A One reason is turning off SHSTK for threads is tricky. if ((dlopen() a legacy library) && (cet_policy==relaxed)) { /* - * We don't care if the library will actually fault; - * just turn off CET protection now. - */ + A * We don't care if the library will actually fault; + A * just turn off CET protection now. + A */ Turn off CET; } @@ -82,17 +82,17 @@ Can we mandate a signal handler (to turn off CET) when ((dlopen is used > > Otherwise, if the > > system-wide setting is "relaxed", the loader turns off shstk and > > issues -> > a warning. In addition, if (dlopen == relaxed), then cet is not +> > a warning.A A In addition, if (dlopen == relaxed), then cet is not > > locked > > in any time. > > > > The system-wide setting (somewhere in /etc?) can be: > > -> > dlopen=force|relaxed /* controls dlopen of non-cet libs */ -> > exec=force|relaxed /* controls exec of non-cet apps */ +> > A A A dlopen=force|relaxed /* controls dlopen of non-cet libs */ +> > A A A exec=force|relaxed /* controls exec of non-cet apps */ > > > > -> Why do we need a whole new mechanism here? Can’t all this use +> Why do we need a whole new mechanism here?A A Cana??t all this use > regular glibc tunables? Ok, got it. diff --git a/a/content_digest b/N2/content_digest index 6d6b77c..10c7554 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -87,20 +87,20 @@ "> > > No, other way around. The valid CET states are on/unlocked,\n" "> > > off/unlocked, on/locked, off/locked. arch_prctl can freely the\n" "> > > state\n" - "> > > unless locked. ptrace can change it no matter what.\302\240\302\240The lock is\n" + "> > > unless locked. ptrace can change it no matter what.A A The lock is\n" "> > > to\n" "> > > prevent the existence of a gadget to disable CET (unless the\n" "> > > gadget\n" - "> > > involves ptrace, but I don\342\200\231t think that\342\200\231s a real concern).\n" + "> > > involves ptrace, but I dona??t think thata??s a real concern).\n" "> > We have the arch_prctl now and only need to add ptrace lock/unlock.\n" "> > \n" "> > Back to the dlopen() \"relaxed\" mode. Would the following work?\n" "> > \n" "> > If the lib being loaded does not use setjmp/getcontext families\n" "> > (the\n" - "> > loader knows?), then the loader leaves shstk on.\302\240\302\240\n" - "> Will that actually work?\302\240\302\240Are there libs that do something like\n" - "> longjmp without actually using the glibc longjmp routine?\302\240\302\240What about\n" + "> > loader knows?), then the loader leaves shstk on.A A \n" + "> Will that actually work?A A Are there libs that do something like\n" + "> longjmp without actually using the glibc longjmp routine?A A What about\n" "> compilers that statically match a throw to a catch and try to return\n" "> through several frames at once?\n" "> \n" @@ -111,14 +111,14 @@ "To summarize the dlopen() situation,\n" "\n" "----\n" - "(1) We don't want to fall back like the following. \302\240One reason is\n" + "(1) We don't want to fall back like the following. A One reason is\n" "turning off SHSTK for threads is tricky.\n" "\n" "if ((dlopen() a legacy library) && (cet_policy==relaxed)) {\n" "\t/*\n" - "\t\302\240* We don't care if the library will actually fault;\n" - "\t\302\240* just turn off CET protection now.\n" - "\t\302\240*/\n" + "\tA * We don't care if the library will actually fault;\n" + "\tA * just turn off CET protection now.\n" + "\tA */\n" "\tTurn off CET;\n" "}\n" "\n" @@ -133,21 +133,21 @@ "> > Otherwise, if the\n" "> > system-wide setting is \"relaxed\", the loader turns off shstk and\n" "> > issues\n" - "> > a warning.\302\240\302\240In addition, if (dlopen == relaxed), then cet is not\n" + "> > a warning.A A In addition, if (dlopen == relaxed), then cet is not\n" "> > locked\n" "> > in any time.\n" "> > \n" "> > The system-wide setting (somewhere in /etc?) can be:\n" "> > \n" - "> > \302\240\302\240\302\240dlopen=force|relaxed /* controls dlopen of non-cet libs */\n" - "> > \302\240\302\240\302\240exec=force|relaxed /* controls exec of non-cet apps */\n" + "> > A A A dlopen=force|relaxed /* controls dlopen of non-cet libs */\n" + "> > A A A exec=force|relaxed /* controls exec of non-cet apps */\n" "> > \n" "> > \n" - "> Why do we need a whole new mechanism here?\302\240\302\240Can\342\200\231t all this use\n" + "> Why do we need a whole new mechanism here?A A Cana??t all this use\n" "> regular glibc tunables?\n" "\n" "Ok, got it.\n" "\n" Yu-cheng -47445f51c9dde4c7a25132ee7f3475c6b5b91c530d9b5365f238eb249c9b3247 +95d3d66466386b820ac36dad881bc3eb35dd2d60b40a914c7fb1f2f78272ac2f
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.