Date: Tue, 27 Sep 2016 14:35:33 -0700
From: "LeMay, Michael" <michael.lemay@...el.com>
To: Rich Felker <dalias@...c.org>
Cc: "musl@...ts.openwall.com" <musl@...ts.openwall.com>
Subject: Re: [RFC] Support for segmentation-hardened SafeStack

On 9/27/2016 07:43, Rich Felker wrote:
> On Mon, Sep 26, 2016 at 11:05:06PM -0700, LeMay, Michael wrote:
...
>> Arguments, whether variadic or not, are still passed on the main
>> (safe) stack like usual, and they can be used in-place.
> Here I think we're just differing on what "used in-place" means. For
> me that would include the ability to take their addresses. I assume
> you're just talking about using the values.

I see your point now. Yes, when SafeStack determines that a local
variable or argument may be accessed unsafely, it moves or copies
(respectively) that allocation to the unsafe stack.

Incidentally, I thought that just taking the address of a local
variable or argument (e.g. for pointer comparisons within a single
function) would not necessarily result in it being moved to the unsafe
stack, but re-reading the SafeStack pass and running some tests showed
me that the pass currently does move such allocations to the unsafe
stack.

...
>
> This is another place where I think we're just using terms
> differently. From my perspective (the formal C language) variadic
> argument handling does not involve taking or dereferencing addresses
> on the stack; those are just va_list/va_arg implementation details. At
> the level of the formal language I think there are no exceptions; in
> all cases where the address on "the stack" leaks outside the scope of
> what the compiler can see/control, "the stack" it's on has to be the
> unsafe stack.

Yes, we're in agreement. For completeness, I'll note that there are
other ways for safe stack pointers to leak:
http://clang.llvm.org/docs/SafeStack.html#known-security-limitations

Thanks,
Michael