Originally posted by Sonadow
View Post
Announcement
Collapse
No announcement yet.
The Linux Kernel Might Drop Memory Protection Extensions Support
Collapse
X
-
- Likes 2
-
Originally posted by Sonadow View PostMaybe they should be checking if MSVC and Windows even supported those features.
If the OS used by 90% of the world's desktop and laptop computers does not even support them, then just drop them from the kernel.
- Likes 6
Comment
-
Originally posted by Sonadow View PostThen it's supported. And the article also mentioned that Intel is still sending patches for it upstream no?
For example Intel 2D driver for linux is still "developed", but many distros are switching to the generic modesetting 2D-acceleration-over-3D driver because it's less crappy and has a better future overall.
- Likes 5
Comment
-
Originally posted by GunpowaderGuy View Postno need for this , or address space layout randomization ( both of which may have unfixable flaws anyways ) when using a memory safe language
- Likes 3
Comment
-
Originally posted by GunpowaderGuy View Postno need for this , or address space layout randomization ( both of which may have unfixable flaws anyways ) when using a memory safe language
IOMMU and address space layout randomisation work in combination.
Also
Preface Hey there! I’m finally ready to present you the third installment of the series exploit mitigation techniques. The last two times we talked about Data Execution Prevention and Stack Canaries Today I want to talk about Address Space Layout Randomization or ASLR in short. Format wise the article will be structured the following way: Introduction to the technique Current implementation details Weaknesses PoC on how to bypass ASLR Conclusion Disclaimer: The following is the result of...
Address space layout randomisation does make software attacking harder and really only adversely effects already defective programs. This is a different problem to MPX.
MPX has flaws that have not been fixed that effect perfectly safe applications and when MPX does not adversely effect programs is slower and does not show any direct advantages over AddressSanitizer. There are items like MPX for arm and sparc these in fact work.
ARM pointer authentication is the arm one. https://lwn.net/Articles/718888/ and it truly kills a lot of attacks dead while not adversely effecting properly written code. So yes Arm pointer authentication most of the time is able to beat AddressSanitizer while blocking flaws AddressSanitizer does not handle.
ARM and Sparc ones are design so compiler can place the protections in the code without developer having to worry about it. MPX needs programmer to add stuff in different places so it does not stuff up.
AddressSanitizer and Address space layout randomisation are both have limited dependency on hardware features and both should be used as a benchmark for hardware security features. If hardware security features are not out performing software equal feature there is a problem with the hardware feature. MPX when protecting against exactly the same flaws is slower than AddressSanitizer you don't implement stuff in hardware to end up slower than software.
So I think intel need to take MPX back to the drawing board and do something that works.
- Likes 10
Comment
-
Dropping MPX is utterly insane. Its pure laziness and outright negligence. The internet is awash in security disasters, there is bad C++ code everywhere, and we want to REMOVE protections against this? What the hell is wrong with these people?
- Likes 2
Comment
Comment