On Mon, Mar 16, 2020 at 2:50 PM Niels Möller <ni...@lysator.liu.se> wrote:
>
> ...
> 2. What I tried to ask about in the message you reply to, was how to
> write a test within the Nettle testsuite, to verify that enabling CET
> really has effect on a test executable (on systems where it is
> expected to have effect). It's not obvious to me if and how the patch
> improves that.
One more time to the list this time....
For the CET patch on Linux, use objdump -d to disassemble a file built
with CET. Then grep for ENDBR:
count=$(objdump -d some_source.o | grep -i -c endbr)
if [ "$count" -eq 0 ]; then
echo "Failed to enable CET"
else
echo "CET is enabled"
fi
You need a modern Binutils that supports ENDBR and ENDBR64.
There are other instructions you can search for. See
https://i.blackhat.com/asia-19/Thu-March-28/bh-asia-Sun-How-to-Survive-the-Hardware-Assisted-Control-Flow-Integrity-Enforcement.pdf.
For example to search for ENDBR, RDSSP and WRSSP"
count=$(objdump -d some_source.o | grep -i -c -E 'endbr|rdssp|wrssp')
I don't know if/how to check for CET on other platforms, like the
BSDs, OS X or Solaris. I know the tools to perform the disassembly,
but I don't know the other details.
Also see https://stackoverflow.com/q/56120231.
Jeff
_______________________________________________
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
