upvote

points

by a-dub2 days ago |
comments
upvoteby commandersaki2 days ago|
[-]
I always see cheri brought up and admittedly I know very little about it, except that the ergonomics appear poor requiring twice the storage for each pointer and ground up rearchitecting of the OS, making it quite unappealing from an engineering standpoint.
reply
upvoteby wahern2 days ago|
parent|
next
[-]
FreeBSD, kernel and base, was ported to CHERI, along with PostgreSQL.

> We have adapted a complete C, C++, and assembly-language software stack, including the opensource FreeBSD OS (nearly 800 UNIX programs and more than 200 libraries including OpenSSH, OpenSSL, and bsnmpd) and PostgreSQL database, to employ ubiquitous capability-based pointer and virtual-address protection.

Most programs didn't require any changes at all. Even most pointer-integer-pointer conversions can be automatically handled by the toolchain and runtime. See https://www.cl.cam.ac.uk/research/security/ctsrd/pdfs/201904...

reply
upvoteby commandersaki2 days ago|
parent|
[-]
Sounds good for a clean slate but you couldn't seamlessly transition to it, which is why I said it was unappealing.
reply
upvoteby checker6592 days ago|
parent|
prev|
[-]
> making it quite unappealing from an engineering standpoint

The other option being rewriting everything under the sun from scratch.

reply
upvoteby commandersaki2 days ago|
parent|
[-]
Um, there's also Memory Tagging which is the topic of this post.

Apple's implemented it as part of the umbrella MIE and eliminates a class of bugs, at least on the surface of their own software, and allows for incremental adoption and doesn't break compatibility with older binaries.

reply
upvoteby astrange2 days ago|
parent|
[-]
MTE (and PAC before it) store some metadata in previously unused pointer bits, so there are potential issues if you were already using those for something else.

Oh and if your program has memory bugs then you have to fix them of course.

reply