Improved Control Flow Integrity (KCFI) Implementation Submitted For Linux 6.1


  • Improved Control Flow Integrity (KCFI) Implementation Submitted For Linux 6.1

    Phoronix: Improved Control Flow Integrity (KCFI) Implementation Submitted For Linux 6.1

    Along with the Rust infrastructure for Linux 6.1 pull request, another early pull submitted by kernel maintainer Kees Cook for Linux 6.1 is the introduction of a new Control Flow Integrity "CFI" implementation for the Linux kernel to replace the former, less-than-ideal code...

    https://www.phoronix.com/news/Linux-...KCFI-Submitted

  • #2
    Can anyone explain to a novice C programmer what this means / how this works? I get that it is a security feature and any security feature is good in my book. Is it some kind of page guard electric fence kind of structure?


    • #3
      Originally posted by kylew77
      Can anyone explain to a novice C programmer what this means / how this works? I get that it is a security feature and any security feature is good in my book. Is it some kind of page guard electric fence kind of structure?
      There is a good summary available at https://lwn.net/Articles/810077/


      • #4
        Originally posted by RahulSundaram

        There is a good summary available at https://lwn.net/Articles/810077/
        Thank you, kind Internet stranger. So to me it sounds like an enhanced version of "write xor execute", but where we limit the number of return addresses of a function to only those allowed to be called, which, as the paper said, for most is fewer than 10, but for a whole 7% that is 100 or more.


        • #5
          On the one hand, better forward edge CFI and fewer improper function pointer casts are good.
          On the other hand, that's still significantly technically inferior to CFI containing forward edge + backwards edge + probabilistic defenses, which PaX RAP has been providing under the GPL for 7 years by now, i.e. since before PaX+grsecurity went commercial-only (*)
          https://pax.grsecurity.net/docs/PaXT...AP-RIP-ROP.pdf
          https://grsecurity.net/rap_faq

          *: thereby enabling their producers to start making a living from PaX+grsecurity, which they couldn't do in 17 years offering the software for public download at no cost in donation-only mode, then recruit additional security researchers to further improve defenses and find more security issues in software and hardware, then additionally sponsor work on FLOSS useful to the general public such as the GCC Rust front-end.
          Not all parts of RAP are available from the latest GPL PaX & grsecurity patches publicly distributed by their makers; newer GPL patches can be different.

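As an added illustration of the forward-edge checking and improper function pointer casts discussed in this thread (not code from any poster or from the kernel): a simplified user-space model in which each function carries a hash of its prototype and the indirect call site compares that hash before jumping. In the real implementation the compiler emits the hash and the check; the names `type_hash`, `tag`, `checked_call` and `try_call` and the FNV-1a hash are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the compiler-generated type hash: FNV-1a over the prototype text. */
static uint32_t type_hash(const char *proto) {
    uint32_t h = 2166136261u;
    while (*proto) { h ^= (uint8_t)*proto++; h *= 16777619u; }
    return h;
}

typedef void (*generic_fn)(void);

/* Models an address-taken function: its entry point plus the hash of its real prototype. */
struct tagged_fn { uint32_t hash; generic_fn fn; };

static struct tagged_fn tag(generic_fn fn, const char *proto) {
    struct tagged_fn t = { type_hash(proto), fn };
    return t;
}

static int add_one(int x) { return x + 1; }
static int negate(int x) { return -x; }
static long text_len(const char *s) { return (long)strlen(s); }

/* Call site typed int (*)(int): compare hashes before the indirect call.
   Returns 0 and stores the result, or -1 where a CFI-enabled kernel would trap. */
static int checked_call(struct tagged_fn t, int arg, int *out) {
    if (t.hash != type_hash("int(int)"))
        return -1;
    *out = ((int (*)(int))t.fn)(arg);
    return 0;
}

/* Returns the call result, or -1000 if the check rejected the target. */
static int try_call(struct tagged_fn t, int arg) {
    int r = 0;
    return checked_call(t, arg, &r) == 0 ? r : -1000;
}

int main(void) {
    printf("add_one:  %d\n", try_call(tag((generic_fn)add_one, "int(int)"), 41));
    printf("negate:   %d\n", try_call(tag((generic_fn)negate, "int(int)"), 41));
    /* Improper cast: a long(const char *) function reaching an int(int) call site. */
    printf("text_len: %d\n", try_call(tag((generic_fn)text_len, "long(const char *)"), 41));
    return 0;
}
```

Both `add_one` and `negate` pass the check because they share a prototype, so the set of permitted targets for a call site is every function of the matching type, while the mismatched `text_len` is rejected before it runs.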