[OffTopic] A vulnerability postmortem on Network Security Services
Paulo Pinto
pjmlp at progtools.org
Fri Dec 3 13:33:22 UTC 2021
On Friday, 3 December 2021 at 12:27:11 UTC, Ola Fosheim Grøstad
wrote:
> On Friday, 3 December 2021 at 12:08:59 UTC, Paulo Pinto wrote:
>> Note that on platforms like iOS and Android, going forward,
>> those considerations don't matter at the language level,
>> because the whole stack is using it.
>
> So you are saying that this will be required and not an option
> once all CPUs are capable? Right now it seems to be opt-in?
> ...
Yes that is the whole point.
> You can use the framework's sxadm command to enable and disable
> security extensions for selected binaries and to manage their
> properties.
https://docs.oracle.com/cd/E37838_01/html/E61021/sysauth-secext.html#OSSADsysauth-secext
So on Solaris, the admin gets to say if the OS runs the process
under hardware memory tagging or not.
On Android,
> Starting in Android 11, for 64-bit processes, all heap
> allocations have an implementation defined tag set in the top
> byte of the pointer on devices with kernel support for ARM
> Top-byte Ignore (TBI). Any application that modifies this tag
> is terminated when the tag is checked during deallocation. This
> is necessary for future hardware with ARM Memory Tagging
> Extension (MTE) support.
>....
> TBI requires a compatible kernel that correctly handles tagged
> pointers passed from userspace. Android Common Kernels from
> 4.14 (Pixel 4) and higher feature the required TBI patches.
https://source.android.com/devices/tech/debug/tagged-pointers
Note the "all heap allocations" on the documentation and it being
enabled on Pixel 4 and later devices.
You can guess similar documentation for the other links I
provided earlier.
More information about the Digitalmars-d
mailing list