Want’s software mitigation at that time, here it’s hardcore hardware mitigation that by design should kill an entire class of bugs
You’re unable to view this Tweet because this account owner limits who can view their Tweets. Learn more
Conversation
Fwiw I think MT ist the *only* mitigation that has potential to make quite a dent.
2
2
MTE being widely adopted could also lead to stronger memory tagging features. 16-bit random tags aren't going to wipe out exploitation but at the very least it'll force software to be compatible with memory safety implementations including a tag-based approach with larger tags.
1
1
I think the biggest impact will be that suddenly all software has something like ASan in production, forcing all these latent bugs that occur during regular use to be fixed. A lot of bugs will remain, but not ones that block deploying inter-object memory safety implementations.
1
I suspect 16 bit random tags will already have a pretty serious impact on exploitation, but we will see... perhaps i am too optimistic. I see the bypasses not necessarily coming from a lack of randomness.
1
I don't really expect mainstream operating systems to tag stack variables in the initial deployment, and once they do there will be issues like assembly code not instrumented by it just like CFI. Can also still have overflows within objects. Each allocator has to set it up too.
So, there will definitely be obvious bypasses aside from only having 16-bit tags. I don't think it has to be a massive barrier to exploitation to be a huge success either way. ~93% chance to catch memory corruption bugs in production forces fixing any that occur regularly.
2
It gives everyone a better version of ASan in production, whether they wanted it or not, and they'll end up fixing their software's compatibility with future memory safety implementations that either have more entropy or that are deterministic. Wipes out the compatibility issues.