Control Flow Integrity #3810
Comments
Microsoft CFG seems inapplicable unless the code is compiled with MSVC, which we don't support, and I think we're unlikely to support. We do support compiling with clang, at least for Thread/Address Sanitizer builds. (I don't know whether those still require a patch, but if so it wouldn't be difficult to fix.)
Note that according to https://llvm.org/docs/GoldPlugin.html you need to enable the Gold linker when compiling, using If I understand correctly, as long as we still dynamically link to the system libc, this won't prevent return-to-libc attacks, and similarly for libstdc++ and other dynamically linked system libraries (see #2513).
It looks like we have to solve #2513 first in order for the cfi-mfcall check to work:
because libstdc++ will contain such virtual member functions.
We can still enable the other checks though, right?
Right, but ASLR puts standard libraries at random locations, making ret-to-libc harder. In general the incompleteness of one mitigation technology shouldn't remove it from our consideration. All of them are incomplete; we should consider them and their effect as a set, and one that we improve over time.
I think you just need LTO, which I think has been available for a while. It looks like the gold recommendation was just a suggestion. In general though, I think users who build zcashd without a given security option because it's unavailable for some reason on their platform should have to explicitly disable that, and the build should fail if they don't disable something that isn't available on their platform.
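As an added illustration of the policy in the comment above (fail the build when CFI is unavailable unless the builder opts out explicitly), here is a small configure-style probe. This is example code, not part of zcashd's build system; the `ZC_DISABLE_CFI` variable name, the probe program and the exact flag set are assumptions.

```shell
#!/bin/sh
# Added example, not zcashd's own build logic.
# clang CFI needs -flto plus -fvisibility=hidden, and a linker that can
# consume LLVM bitcode (gold with the LLVM plugin, or lld). The probe below
# simply tries to build a tiny program with those flags.

# cfi_probe: returns 0 if $CC (default: clang) can build a CFI-enabled
# program on this platform, 1 otherwise.
cfi_probe() {
    cc="${CC:-clang}"
    command -v "$cc" >/dev/null 2>&1 || return 1
    tmp=$(mktemp -d) || return 1
    # Constructed probe program: trivial, but it exercises the LTO link step.
    printf 'int main(void) { return 0; }\n' >"$tmp/t.c"
    "$cc" -flto -fvisibility=hidden -fsanitize=cfi "$tmp/t.c" -o "$tmp/t" \
        >/dev/null 2>&1
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# require_cfi: decide what the build should do.
#   $1 = probe result (0 = CFI available, anything else = unavailable)
#   $2 = "1" if the builder set ZC_DISABLE_CFI=1 (hypothetical variable)
# Prints the flags to add (or a note that CFI was disabled) and returns 0;
# returns 1, i.e. aborts the build, when CFI is missing and not disabled.
require_cfi() {
    probe_ok="$1"
    disabled="$2"
    if [ "$disabled" = "1" ]; then
        echo "CFI disabled explicitly"
        return 0
    fi
    if [ "$probe_ok" -eq 0 ]; then
        echo "-flto -fvisibility=hidden -fsanitize=cfi"
        return 0
    fi
    echo "error: CFI unavailable on this platform; set ZC_DISABLE_CFI=1 to build without it" >&2
    return 1
}

# Typical use from a configure script (the probe is skipped when disabled):
# cfi_probe; require_cfi $? "${ZC_DISABLE_CFI:-0}" || exit 1
```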
Control Flow Integrity (CFI) is an approach to mitigating code-reuse attacks (e.g. ROP). In this ticket, evaluate the CFI options that are available and see if any would be beneficial to zcashd. A quick search returns: