Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Soft-deprecate GNU_PROPERTY_AARCH64_FEATURE_1_PAC #121

Merged
merged 1 commit into from
Dec 17, 2021
Merged

Soft-deprecate GNU_PROPERTY_AARCH64_FEATURE_1_PAC #121

merged 1 commit into from
Dec 17, 2021

Conversation

pbarrio
Copy link
Contributor

@pbarrio pbarrio commented Dec 3, 2021

Users should not rely on this property to enquire about the status
of the protection of an ELF file. If it is present, then yes, the
file has been protected. If it is not present, it can still have
been protected to some extent.

The comment on Custom PLT protection has also been removed. This
protection is seen as a separate feature to PAC-ret, since you could
ask the linker to generate protected PLTs regardless of the presence
of PAC-ret.

@pbarrio
Copy link
Contributor Author

pbarrio commented Dec 3, 2021

@smithp35 @DanielKristofKiss FYI clarifying the meaning of the PAC program property.

DanielKristofKiss
DanielKristofKiss approved these changes Dec 6, 2021
View reviewed changes
Copy link
Contributor

@DanielKristofKiss DanielKristofKiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

smithp35
smithp35 reviewed Dec 6, 2021
View reviewed changes
Copy link
Contributor

@smithp35 smithp35 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the update. A couple of small suggestions.

aaelf64/aaelf64.rst Outdated Show resolved Hide resolved
aaelf64/aaelf64.rst Outdated Show resolved Hide resolved
@pbarrio
Soft-deprecate GNU_PROPERTY_AARCH64_FEATURE_1_PAC
1fd7e96 
Users should not rely on this property to enquire about the status
of the protection of an ELF file. If it is present, then yes, the
file has been protected. If it is not present, it can still have
been protected to some extent.

The comment on Custom PLT protection has also been removed. This
protection is seen as a separate feature to PAC-ret, since you could
ask the linker to generate protected PLTs regardless of the presence
of PAC-ret.
@pbarrio
Copy link
Contributor Author

pbarrio commented Dec 9, 2021

@smithp35 I updated a new patch with your two suggestions.

smithp35
smithp35 approved these changes Dec 9, 2021
View reviewed changes
Copy link
Contributor

@smithp35 smithp35 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for the update.

DanielKristofKiss
DanielKristofKiss approved these changes Dec 9, 2021
View reviewed changes
Copy link
Contributor

@DanielKristofKiss DanielKristofKiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@stuij stuij merged commit d6e9abb into ARM-software:main Dec 17, 2021
@stuij stuij added this to the 2022Q1 milestone Feb 25, 2022
sallyarmneale
sallyarmneale reviewed Mar 23, 2022
View reviewed changes
Copy link

@sallyarmneale sallyarmneale left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One minor change

aaelf64/aaelf64.rst
executable sections have been protected with Return Address Signing.
Its use is optional, meaning that an ELF file where this feature bit
is unset can still have Return Address signing enabled in some or all
its executable sections.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

of its executable sections

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sallyarmneale sallyarmneale sallyarmneale left review comments

@DanielKristofKiss DanielKristofKiss DanielKristofKiss approved these changes

@smithp35 smithp35 smithp35 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2022Q1
Development

Successfully merging this pull request may close these issues.
5 participants
@pbarrio @DanielKristofKiss @smithp35 @sallyarmneale @stuij