memory tagging should be a game changer for C and C++; get with the program, @intel and @apple!!pic.twitter.com/z2vXAtTb7z
-
I'm going to be that jerkface and predict that MTE won't do all that much. It's a pretty weak mitigation that requires a lot of work to adopt.
MTE requires relatively little work to adopt (I say this as someone who's adamant about not adopting invasive "hardening" snakeoil like CET) and completely closes off huge classes of vulns.
-
-
Yes
@lazytyped worked on this for sparc. It really is worth it. -
Yep. Even if folks are critical of the limits of 4 bits for UAF protection, completely eliminating all stack, heap, data/bss, and tls based buffer overflows is huge.
- Još 6 drugih odgovora
Novi razgovor -
-
-
Sequential buffer overflows (out of object) are completely impossible. Attack of heap metadata is impossible without ability to craft upper ptr bits. Clobbering new object via UAF is impossible to prevent 100% but statistically very likely to trap.
-
…unless the attacker can get the tag of the freed area somehow, which is one instruction away. That’s the scary part.
- Još 7 drugih odgovora
Novi razgovor -
-
-
I keep hearing this and I feel like I'm missing something. What classes does it completely close off? The 4-bit tags seem ridiculously easy to bypass to a motivated attacker.
-
I don’t think it’s ridiculously easy to bypass. How do you get the tag from, say, attacker controlled JavaScript? That said, I’m not yet on board the MTE hype train, because I’m worried about leaking tags.
- Još 3 druga odgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.