[OffTopic] A vulnerability postmortem on Network Security Services
pjmlp at progtools.org
Fri Dec 3 13:33:22 UTC 2021
On Friday, 3 December 2021 at 12:27:11 UTC, Ola Fosheim Grøstad
> On Friday, 3 December 2021 at 12:08:59 UTC, Paulo Pinto wrote:
>> Note that on platforms like iOS and Android, going forward,
>> those considerations don't matter at the language level,
>> because the whole stack is using it.
> So you are saying that this will be required and not an option
> once all CPUs are capable? Right now it seems to be opt-in?
Yes, that is the whole point.
> You can use the framework's sxadm command to enable and disable
> security extensions for selected binaries and to manage their
So on Solaris, the admin gets to say if the OS runs the process
under hardware memory tagging or not.
> Starting in Android 11, for 64-bit processes, all heap
> allocations have an implementation defined tag set in the top
> byte of the pointer on devices with kernel support for ARM
> Top-byte Ignore (TBI). Any application that modifies this tag
> is terminated when the tag is checked during deallocation. This
> is necessary for future hardware with ARM Memory Tagging
> Extension (MTE) support.
> TBI requires a compatible kernel that correctly handles tagged
> pointers passed from userspace. Android Common Kernels from
> 4.14 (Pixel 4) and higher feature the required TBI patches.
Note the "all heap allocations" in the documentation and it being
enabled on Pixel 4 and later devices.
You can guess similar documentation for the other links I
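
The tag check at deallocation described in the quoted Android documentation above, as an added example that is not part of the original post and not Android's code: a host-side simulation in C. The names `tagged_alloc`, `untag` and `tagged_free` are hypothetical, the tag is stripped by hand because no TBI hardware is assumed, and the code assumes a 64-bit host whose userspace addresses fit in 56 bits.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simulation only: TBI hardware ignores the top byte on memory access;
 * here untag() strips it by hand so the code runs on any 64-bit host. */
#define TAG_SHIFT 56
#define ADDR_MASK ((UINT64_C(1) << TAG_SHIFT) - 1)
#define HDR 16 /* header before the payload; keeps malloc alignment */

/* Hypothetical allocator: returns a pointer value with a non-zero tag
 * in bits 56..63 and records the same tag in the block header. */
uint64_t tagged_alloc(size_t n) {
    static unsigned counter;
    uint8_t *base = malloc(HDR + n);
    if (!base) return 0;
    uint8_t tag = (uint8_t)(counter++ % 255 + 1);
    base[0] = tag;
    return ((uint64_t)tag << TAG_SHIFT) | (uint64_t)(uintptr_t)(base + HDR);
}

/* Remove the tag to get an address the host CPU can dereference. */
void *untag(uint64_t p) { return (void *)(uintptr_t)(p & ADDR_MASK); }

/* Check the tag at deallocation. Returns 0 on success, -1 on mismatch
 * (the quoted documentation says Android terminates the app instead). */
int tagged_free(uint64_t p) {
    uint8_t *payload = untag(p);
    if (!payload) return -1;
    uint8_t *base = payload - HDR;
    if (base[0] != (uint8_t)(p >> TAG_SHIFT)) return -1;
    free(base);
    return 0;
}

int main(void) {
    uint64_t p = tagged_alloc(32);
    if (!p) return 1;
    uint64_t stripped = p & ADDR_MASK; /* app "normalised" the pointer */
    printf("tag=0x%02x\n", (unsigned)(p >> TAG_SHIFT));
    printf("free(stripped)=%d\n", tagged_free(stripped));
    printf("free(original)=%d\n", tagged_free(p));
    return 0;
}
```

Code that masks, compares or stores pointers with the top byte cleared is what this check catches, which is why such code needs auditing before the tag becomes hardware-enforced.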