This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH 0/2] aarch64: Enable pointer auth in PLT

* Szabolcs Nagy:

> On 21/06/2019 10:12, Florian Weimer wrote:
>> * Szabolcs Nagy:
>> 
>>> Pointer authentication is an armv8.3-a extension and it can be used
>>> to harden PLTGOT entries when that is not read-only protected.
>>>
>>> binutils bfd linker now supports creating binaries with -z pac-plt
>>> and then PLT entries authenticate the pointers loaded from PLTGOT.
>>>
>>> To support such binaries the glibc dynamic linker has to "sign" the
>>> pointers in the PLTGOT. On cpus without pointer authentication support,
>>> both the sign and authentication operations are nops, so such binaries
>>> may appear to work now, but on a new cpu they will crash without glibc
>>> support.
>> 
>> I think you need to enable this feature in a different way, similar to
>> the non-executable stack.  Otherwise, people will have to decide whether
>> they want to build portable binaries or binaries with security
>> hardening, which is not desirable.
>
> with non-executable stack, a hardened binary works on
> an old system that uses executable stack.
>
> in this case a hardened binary does not work on an old
> system that's unaware of pointer auth.

Does it work on an old system without kernel support for pointer
authentication?  With just support in the CPU?

Thanks,
Florian
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]