On 06/19/2018 03:24 PM, Peter Pentchev wrote:
...this came along.  So what is supposed to stop an attacker who can
inject arbitrary code into the program from modifying the keys?

Or is this supposed to stop buffer-overflow exploits that overwrite
the GOT and thus cause the attacker's code to be executed later?

Yes, it's about protecting the GOT. We can't do much about having the WRPKRU opcode in the process image. The restore can be hidden in the XRSTOR instruction in the assembler trampoline (which is already there today for other reasons), and the initial update (which makes the GOT writable) can be hardened somewhat. But it's about making it harder to redirect execution through the GOT in the first place.

Thanks,
Florian
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/SPIRQLYHBIXOZ7YZIMRVU3GX2HAORJGD/