On 01/12/2024 23:55, Frederick Virchanza Gotham via Gcc wrote:
> Some modern CPUs now have control flow enforcement. Here's how it
> works on Intel CPUs:
> "The shadow stack stores a copy of the return address of each CALL. On
> a RET, the processor checks if the return address stored in the normal
> stack and shadow stack are equal. If the addresses are not equal, the
> processor generates an INT #21 (Control Flow Protection Fault)."
> ...
> This would allow us to get around the control-flow enforcement (such
> as when debugging, or when intercepting a function call).
You are asking for a feature to bypass a rather useful security feature
that otherwise eliminates a major class of hacking and malware attack
techniques. (I don't know how much the CET features are currently
supported in gcc - I don't normally use x86 targets.)
Why do you think it is at all relevant for debugging? Why do you think
"intercepting a function call" is a useful thing to do?
How would your suggestion differ from existing debug features or gcc
flags (like -flive-patching, -fpatchable-function-entry, -mno-shstk)?
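For readers unfamiliar with what the quoted paragraph describes, here is a small software model of the CALL/RET bookkeeping a CET shadow stack performs. It is an added illustration, not code from this thread, from Intel, or from GCC: the "return addresses" are plain integers, the `cet_machine` type and all function names are invented for the model, and nothing here touches the real hardware shadow stack. The point it makes is the one the reply relies on: a saved return address overwritten on the ordinary stack no longer matches the shadow copy, so the RET is refused instead of transferring control.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Software model of a CET shadow stack (illustration only, not GCC code).
 * The CPU keeps a second, non-writable copy of every pushed return address;
 * RET pops both copies and compares them before transferring control. */

#define STACK_DEPTH 64

typedef struct {
    uint64_t data[STACK_DEPTH];    /* ordinary stack: program stores can reach it */
    uint64_t shadow[STACK_DEPTH];  /* shadow stack: only CALL/RET (the CPU) touch it */
    int sp;                        /* both stacks move in lock step, so one index suffices */
} cet_machine;

enum ret_result {
    RET_OK = 0,
    RET_UNDERFLOW = 1,
    RET_CP_FAULT = 21,   /* vector 21 is the control-protection exception (#CP) */
    RET_MODEL_ERROR = -1
};

void cet_init(cet_machine *m) { memset(m, 0, sizeof *m); }

/* CALL: push the return address onto both stacks. Returns 0, or -1 on overflow. */
int cet_call(cet_machine *m, uint64_t return_addr) {
    if (m->sp >= STACK_DEPTH) return -1;
    m->data[m->sp] = return_addr;
    m->shadow[m->sp] = return_addr;
    m->sp++;
    return 0;
}

/* An ordinary store that lands on a saved return address (what a stack
 * buffer overflow does). The shadow copy is unaffected because normal
 * stores cannot write shadow-stack pages. Returns -1 for a bad frame index. */
int cet_overwrite_return(cet_machine *m, int frame, uint64_t new_addr) {
    if (frame < 0 || frame >= m->sp) return -1;
    m->data[frame] = new_addr;
    return 0;
}

/* RET: pop both copies and compare. On mismatch the model reports #CP and
 * does not produce a target; *target is written only when the check passes. */
enum ret_result cet_ret(cet_machine *m, uint64_t *target) {
    if (m->sp == 0) return RET_UNDERFLOW;
    m->sp--;
    uint64_t from_data = m->data[m->sp];
    uint64_t from_shadow = m->shadow[m->sp];
    if (from_data != from_shadow) return RET_CP_FAULT;
    if (target) *target = from_data;
    return RET_OK;
}

/* Scripted scenario: main calls f, f calls g, g returns cleanly, then f's
 * saved return address is overwritten before f's own RET. Returns the
 * result of that final RET (RET_CP_FAULT in this scenario). */
enum ret_result demo_overwritten_return(void) {
    cet_machine m;
    uint64_t target = 0;
    cet_init(&m);
    cet_call(&m, 0x401000);   /* constructed address: where f returns into main */
    cet_call(&m, 0x401080);   /* constructed address: where g returns into f */
    /* g's RET: both copies agree, control goes back to 0x401080 */
    if (cet_ret(&m, &target) != RET_OK || target != 0x401080) return RET_MODEL_ERROR;
    /* a store in f clobbers f's saved return address on the ordinary stack */
    cet_overwrite_return(&m, 0, 0x4141414141414141ULL);   /* constructed value */
    /* f's RET: ordinary copy and shadow copy now differ */
    return cet_ret(&m, &target);
}

int main(void) {
    enum ret_result r = demo_overwritten_return();
    printf("final RET result: %d (%s)\n", (int)r,
           r == RET_CP_FAULT ? "#CP control-protection fault" : "no fault");
    return r == RET_CP_FAULT ? 0 : 1;
}
```

On real hardware the mismatch raises #CP and the kernel delivers a SIGSEGV rather than letting the return land; the model returns an enum so the outcome can be inspected. Whether a given binary even asks for this protection is visible without running it: GCC's `-fcf-protection` emits a `.note.gnu.property` note, and `readelf -n` on the object shows an `x86 feature:` line listing `IBT` and/or `SHSTK`; a build that used `-mno-shstk` or omitted `-fcf-protection` will not carry the `SHSTK` property, which is the quickest check when auditing whether a toolchain change has silently disabled it.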