There’s so much cool stuff coming down the pike. ARM pointer authentication: MACs for pointers. Can’t wait to see how people defeat that.
Replying to @matthew_d_green
They need to fit within the unused pointer bits so brute force works. A typical Linux system (three-level page tables) will have 24-bit ASLR and 24-bit pointer signatures. That's the middle ground since more address space means more ASLR bits but fewer MAC bits.
1 reply 1 retweet 6 likes -
Replying to @CopperheadOS @matthew_d_green
*so brute force works unless mitigated by the system
1 reply 0 retweets 1 like -
Replying to @tehjh @matthew_d_green
Could say the same about ASLR and stack canaries on 32-bit but mainstream operating systems didn't deploy those mitigations, probably because they come with drawbacks.
1 reply 0 retweets 2 likes -
Have you tried using brute force protection on a desktop with Chromium as your browser? If a tab crashes, you're not just stuck waiting for the timeout to open another, the browser is probably going to stall completely too. It's not very usable.
2 replies 0 retweets 1 like -
Replying to @CopperheadOS @matthew_d_green
deployability of crash-throttled PAC, compared to doing the same with ASLR, probably depends on ratio of "benign" crashes that trigger it? random derefs of entirely invalid memory might be more common than crashes on pointers that are valid apart from PAC?
2 replies 0 retweets 2 likes
and if you use something like Linux kernel alternatives, you could maybe swap out PAC for a less efficient software implementation after the first crash?