On Tue, Jan 14, 2025 at 12:02:28PM -0800, Isaac Manjarres wrote: > I think the main issue in the threat model that I described is that > an attacking process can gain control of a more priveleged process.
I understood it to be about an attacker gaining execution control through a rewritten function pointer, not that they already have arbitrary execution control. (i.e. taking a "jump anywhere" primitive and upgrading it to "execute anything".) Is the expectation that existing ROP/JOP techniques make protecting memfd irrelevant? -- Kees Cook
