X86_64 CPUs can support Shadow Stack (SHSTK). SHSTK helps to mitigate against Return Oriented Programming (ROP) expoits, as well as others that target a process's call stack.
On linux binaries need to be marked with a note section .note.gnu.property marking support for GNU_PROPERTY_X86_FEATURE_1_SHSTK in order to support SHSTK. I believe Windows also supports SHSTK but have no knowledge of how.
Go should ideally support SHSTK on Linux and add the note section showing it does support it. Provided Go does not change the stack I believe it should be sufficient for Go to mark the binaries it generates.
#66054 is for the other half of Control-flow Enforcement Technology (CET).
6条答案
按热度按时间roejwanj1#
我不确定它是否简单。运行时切换goroutines通过切换堆栈(改变SP的值)。当堆栈切换时,影子堆栈也可能需要切换。如果我们想要支持这个功能,我们可能需要做一些类似于C setjmp/longjmp的事情。
p3rjfoxz2#
@hjl-tools,这是否对你有兴趣?或者你可以建议一个可能对此感兴趣的人?
ukdjmx9f3#
只需使用
-fcf-protection编译运行时库,如果没有自定义的上下文切换函数,就可以启用阴影栈。jexiocij4#
在这种情况下,运行时是用Go编写的,而不是C。没有
-fcf-protection选项。有自定义的上下文切换函数,用汇编语言编写。csga3l585#
SHSTK是一种针对C和C++的权宜之计,因为它们的设计缺陷和对未定义行为的允许,导致了运行时错误(ROP)。如果不使用unsafe,那么在Go中就不应该出现ROP。这可能会影响Go程序的性能,并再次证明非C编程语言需要支付“C税”。这个特性应该继续保持可选。
r1wp621o6#
这当然应该保持可选。
是的,如果我们这样做,它应该是可选的。