I'm going to be that jerkface and predict that MTE won't do all that much. It's a pretty weak mitigation that requires a lot of work to adopt.
Sure. I was using “security” to mean everything MTE can defend against, whether guaranteed or not. (Particularly UAF.)
-
-
Good conversation here. For all meaningful trading defenses, the tag is not a secret (secret based defense don't last). That's the strength of memory tagging. The annoyance on UAF is just collateral benefit (also think that getting a leak gets somewhat more complicated)
-
Underappreciated benefit is catching UAF *before* an attacker finds and uses it. Lots of UAF goes unnoticed if it's "mostly read-only". Having that trap like if you were using ASan or Valgrind, but in normal production build and exec environment, will make a big diff!
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.