This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: RFC: Shadow Stack support in glibc

From: Paul Eggert <eggert at cs dot ucla dot edu>
To: "H.J. Lu" <hjl dot tools at gmail dot com>, GNU C Library <libc-alpha at sourceware dot org>
Cc: Igor Tsimbalist <tigor dot tools at gmail dot com>, vedvyas dot shanbhogue at intel dot com, yu-cheng dot yu at intel dot com
Date: Mon, 5 Jun 2017 15:41:44 -0700
Subject: Re: RFC: Shadow Stack support in glibc
Authentication-results: sourceware.org; auth=none
References: <CAMe9rOqN7oNWWmbw_NmaP=TpBDY7jh=MNbJQNaiOR901Rs7bcw@mail.gmail.com>

On 06/05/2017 02:36 PM, H.J. Lu wrote:

To enable Shadow Stack in glibc, there are 2 approaches:

1. Only support Shadow Stack in getcontext/setcontext and disallow
makecontext/swapcontext when Shadow Stack is used.
2. Disallow getcontext/setcontext/makecontext/swapcontext when
when Shadow Stack is used.

The latter sounds simpler. Do you know of applications that wouldbenefit from the former?

By "disallow" do you mean that getcontext and makecontext return -1 andset errno to ENOTSUP, or were you thinking of something else?

If we decide to disallow getcontext/setcontext/makecontext/swapcontext
when Shadow Stack is used, should we add a new set of functions
compatible with Shadow Stack to manipulate user context?

What would this new set of functions look like, and how would one modifyan application to use them? If getcontext/etc. are rarely used it mightnot be worth designing replacements.

Follow-Ups:
- Re: RFC: Shadow Stack support in glibc
  - From: H.J. Lu

References:
- RFC: Shadow Stack support in glibc
  - From: H.J. Lu

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]