On Mon, Apr 8, 2019 at 6:31 AM Reshetova, Elena <elena.reshet...@intel.com> wrote:
> Originally I was thinking that in-stack randomization makes sense
> only for x86_64, since this is what VMAP stack on x86 depends on.
> Without VMAP stack and guard pages, there are easier ways to attack,
> so hardening there does not really make that much sense IMO.
> However the 32 emulation case is interesting, I didn't think of it before.
> I guess if it uses VMAP-based stack, then we should support these calls also
> with in-stack randomization.
I think there's value in the non-VMAP-stack case: e.g. if the target is "uninitialized" values, repeated syscalls will make targeting the area less robust. (Though one would hope anyone using stack offset randomization would also be using one of the various "always initialize" options too...)

-- 
Kees Cook