"H.J. Lu" <hjl.to...@gmail.com> writes:
> Where should such a CET violation happen? I added a CET violation test to
> glibc:
>
> void (*funcp) (void);
> funcp = mmap (NULL, 0x1000, PROT_EXEC | PROT_READ | PROT_WRITE,
> MAP_ANONYMOUS | MAP_PRIVATE, -1);
> printf ("mmap = %p\n", funcp);
> /* Write RET instruction. */
> *(char *) funcp = 0xc3;
> funcp ();
>
> I can do something similar. But it is independent of nettle.
The reason it makes sense to have such a test in nettle is that nettle
includes code (your patch) that affects if cet works. If practical, I'd
prefer to do it with inline assembly rather than constructing code at
run time, to not have to worry about flushing caches.
I suspect the tricky part is for the test to find out if cet protections
are expected to work on the test system. Maybe one approch could be to
have two test executables with a cet violation, one linking only to
libc, and one linking also to nettle, hogweed and gmp. Then we'd expect
that either both crash or none crash.
> The regular tests have covered the nettle library with
>
> $ ./configure CC='gcc -fcf-protextion=full' && make && make check
>
> I got many CET violations on CET platform before my fix was merged.
That's excellent. What I worry is, now that it's is working fine, if
some later change accidentally breaks cet marks. If that's not detected
by tests, then applications linking with nettle will not get the cet
protection at runtime, despite being compiled with -fcf-protection=full.
So it would be nice with an integration level test to catch that type of
potential regression.
It's a bit special to test security features; it's not enough to test
that everything works fine in the absense of attack, we need tests to
model the attacks, at least when that's practical.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
_______________________________________________
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
