memory tagging should be a game changer for C and C++; get with the program, @intel and @apple!!pic.twitter.com/z2vXAtTb7z
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Yeah, I realized after typing that that it isn’t necessarily that strong. Scenario: Attacker can leak pointers and has a write primitive through pointer P plus attacker-controlled offset. Attacker just needs to find some target with tag(P). Can be easy with only 4 bits.
If offset is fully attacker-controlled and you know the tags, you can just put tag2-tag1 in the upper bits of it and target any tag you want.
Ah yes, true! (Though doesn’t MTE have an instruction to offset a pointer that doesn’t overflow into the tag? Maybe I’m misremembering.)
A lot of the security of MTE rests on pointer values remaining secret. We’ve seen how difficult this is with ASLR. At least with MTE an attacker generally needs more than one pointer value, though.
I disagree. The cases it provides guaranteed protection against work just as well if pointer values are public knowledge. Only the non-guaranteed/stochastic cases are weakened by attacker having knowledge of pointer values.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.