This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: RFC: Shadow Stack support in glibc
- From: Paul Eggert <eggert at cs dot ucla dot edu>
- To: "H.J. Lu" <hjl dot tools at gmail dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Cc: Igor Tsimbalist <tigor dot tools at gmail dot com>, vedvyas dot shanbhogue at intel dot com, yu-cheng dot yu at intel dot com
- Date: Mon, 5 Jun 2017 15:41:44 -0700
- Subject: Re: RFC: Shadow Stack support in glibc
- Authentication-results: sourceware.org; auth=none
- References: <CAMe9rOqN7oNWWmbw_NmaP=TpBDY7jh=MNbJQNaiOR901Rs7bcw@mail.gmail.com>
On 06/05/2017 02:36 PM, H.J. Lu wrote:
To enable Shadow Stack in glibc, there are 2 approaches:
1. Only support Shadow Stack in getcontext/setcontext and disallow
makecontext/swapcontext when Shadow Stack is used.
2. Disallow getcontext/setcontext/makecontext/swapcontext when
when Shadow Stack is used.
The latter sounds simpler. Do you know of applications that would
benefit from the former?
By "disallow" do you mean that getcontext and makecontext return -1 and
set errno to ENOTSUP, or were you thinking of something else?
If we decide to disallow getcontext/setcontext/makecontext/swapcontext
when Shadow Stack is used, should we add a new set of functions
compatible with Shadow Stack to manipulate user context?
What would this new set of functions look like, and how would one modify
an application to use them? If getcontext/etc. are rarely used it might
not be worth designing replacements.