Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit

From: Florian Weimer
Date: Mon Nov 07 2022 - 11:57:08 EST

Next message: Doug Anderson: "Re: [PATCH] clk: qcom: Update the force mem core bit for GPU clocks"
Previous message: Björn Töpel: "Re: [PATCH v4 6/8] riscv/kprobe: Add code to check if kprobe can be optimized"
In reply to: Edgecombe, Rick P: "Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit"
Next in thread: Edgecombe, Rick P: "Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Rick P. Edgecombe:

> On Sun, 2022-11-06 at 10:33 +0100, Florian Weimer wrote:
>> * H. J. Lu:
>>
>> > This change doesn't make a binary CET compatible. It just requires
>> > that the toolchain must be updated and all binaries have to be
>> > recompiled with the new toolchain to enable CET. It doesn't solve
>> > any
>> > issue which can't be solved by not updating glibc.
>>
>> Right, and it doesn't even address the library case (the kernel would
>> have to hook into mmap for that). The kernel shouldn't do this.
>
> Shadow stack shouldn't enable as a result of loading a library, if
> that's what you mean.

It's the opposite—loading incompatible libraries needs to disable shadow
stack (or ideally, not enable it in the first place). Technically, I
think most incompatible code resides in libraries, so this kernel change
achieves nothing besides punishing early implementations of the
published-as-finalized x86-64 ABI.

Thanks,
Florian

Next message: Doug Anderson: "Re: [PATCH] clk: qcom: Update the force mem core bit for GPU clocks"
Previous message: Björn Töpel: "Re: [PATCH v4 6/8] riscv/kprobe: Add code to check if kprobe can be optimized"
In reply to: Edgecombe, Rick P: "Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit"
Next in thread: Edgecombe, Rick P: "Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]