RE: [PATCH v5 23/39] mm: Don't allow write GUPs to shadow stack memory
From: Schimpe, Christina <hidden>
Date: 2023-01-25 15:36:35
Also in:
linux-arch, linux-doc, linux-mm, lkml
On Tue, 2023-01-24 at 17:26 +0100, David Hildenbrand wrote:

> Isn't it possible to overwrite GOT pointers using the same vector? So I think it's merely reflecting the status quo.
>
> There was some debate on this. /proc/self/mem can currently write through read-only memory which protects executable code. So should shadow stack get separate rules? Is ROP a worry when you can overwrite executable code?
>
> The question is, if there is reasonable debugging reason to keep it. I assume if a debugger would adjust the ordinary stack, it would have to adjust the shadow stack as well (oh my ...). So it sounds reasonable to have it in theory at least ... not sure when debugger would support that, but maybe they already do.
>
> GDB support for shadow stack is queued up for whenever the kernel interface settles. I believe it just uses ptrace, and not this proc. But yea ptrace poke will still need to use FOLL_FORCE and be able to write through shadow stacks.

Our patches for GDB use /proc/PID/mem to read/write shadow stack memory. However, I think it should be possible to change this to ptrace, but GDB normally uses /proc/PID/mem to read/write target memory.

Regards,
Christina
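
The status quo referred to in the quoted discussion, that a write through /proc/self/mem is a forced GUP which ignores missing write permission, can be observed on ordinary read-only memory with the following added example (not part of the thread or the patch series; it does not touch shadow stack memory). It assumes a Linux kernel where /proc/self/mem is openable for writing and forced writes are left at their default; the function name is hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Returns 1 if a write through /proc/self/mem modified a PROT_READ page,
 * 0 if the kernel refused the write, -1 on setup failure. */
int write_through_readonly(void)
{
    static const char patch[] = "patched!";
    long pagesz = sysconf(_SC_PAGESIZE);
    int result = -1;

    /* Private anonymous page, filled while it is still writable. */
    char *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;
    strcpy(page, "original");

    int fd = open("/proc/self/mem", O_RDWR);
    /* After mprotect() a direct store to the page would raise SIGSEGV. */
    if (fd >= 0 && mprotect(page, pagesz, PROT_READ) == 0) {
        /* The file offset is the target virtual address. The kernel
         * services the write with FOLL_FORCE, so the missing PROT_WRITE
         * on this private mapping does not stop it. */
        ssize_t n = pwrite(fd, patch, sizeof(patch),
                           (off_t)(unsigned long)page);
        result = n == (ssize_t)sizeof(patch) &&
                 memcmp(page, patch, sizeof(patch)) == 0;
    }
    if (fd >= 0)
        close(fd);
    munmap(page, pagesz);
    return result;
}

int main(void)
{
    int r = write_through_readonly();
    printf("write through read-only mapping: %s\n",
           r == 1 ? "succeeded" : r == 0 ? "refused" : "setup failed");
    return r < 0;
}
```

A result of 0 or -1 on a given host points to a restriction on /proc/PID/mem (sandboxing or a hardened configuration) rather than to the page protection itself.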