Brian Callahan <bcal...@posteo.net> wrote:

> On 7/10/2023 9:33 AM, Theo de Raadt wrote:
> > Brian Callahan <bcal...@posteo.net> wrote:
> >
> >> Pushed a nobtcfi fix for DMD.
> >
> > nobtcfi should never be considered a "fix".  It is a workaround we make
> > available to allow laggard software to continue running -- nothing more.
>
>
> Agreed.  And I made the same clear to them.
Let me explain this in a different way, which may help conversations with upstreams.

In OpenBSD, we are experimenting with mandatory BTI (arm64) / IBT (x86).

In Linux, they have started a 20 year experiment with per-page BTI, and elective IBT.

On arm64, you can do BTI on a per-page basis.  One code page may have BTI, and another page won't.  That allows a crappy shared library without BTI to "work" inside a binary that has BTI.  One .so will be labelled as "I am not ready for BTI enforcement", another .so will be labelled as "OK to enforce BTI here".  Obviously an attacker will use JOP methodology inside the crappy library.  Such a scheme does not lead to eventually having BTI everywhere, and JOP will remain alive.

On x86, you cannot perform it page-by-page.  So if anything in the process's address space cannot accept BTI enforcement, you won't get BTI in that process.  JOP will remain alive.

The mandatory behaviour will arrive in Linux eventually because OpenBSD developers have pushed upstream library and application authors.  Eventually (adv) 10 years or more into the future
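On Linux, the per-object "ready / not ready for enforcement" label the mail refers to is the GNU property note (NT_GNU_PROPERTY_TYPE_0 in .note.gnu.property) carrying the aarch64 BTI bit or the x86 IBT bit; the loader reads it per object and then applies either the arm64 per-page rule or the x86 whole-process rule. The following Python is an added example, not code from this thread, from OpenBSD or from Linux: it parses that note from constructed ELF64 note blobs and applies the three policies exactly as the mail states them. The property type values and bit positions are the documented GNU ones; the sample objects are constructed; and modelling OpenBSD's nobtcfi as a set of marked object names whose presence switches enforcement off for the whole process is an assumption made for the example, not a description of ld.so.

```python
"""GNU property note parser plus the BTI/IBT policies from the thread.
Added example; constants are the documented GNU property values."""
import struct

NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_AARCH64_FEATURE_1_AND = 0xC0000000
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
FEATURE_1_BTI = 0x1   # aarch64 FEATURE_1_AND bit 0
FEATURE_1_IBT = 0x1   # x86 FEATURE_1_AND bit 0


def _align(n, a):
    return (n + a - 1) & ~(a - 1)


def parse_gnu_properties(note, elf64=True):
    """Walk one ELF note blob and return {pr_type: pr_data} from any GNU
    property note in it.  Notes of other types (e.g. build-id) are skipped.
    Property data is padded to 8 bytes on ELF64, 4 on ELF32."""
    align = 8 if elf64 else 4
    props = {}
    off = 0
    while off + 12 <= len(note):
        namesz, descsz, ntype = struct.unpack_from("<III", note, off)
        off += 12
        name = note[off:off + namesz]
        off = _align(off + namesz, align)
        desc = note[off:off + descsz]
        off = _align(off + descsz, align)
        if name != b"GNU\0" or ntype != NT_GNU_PROPERTY_TYPE_0:
            continue
        p = 0
        while p + 8 <= len(desc):
            pr_type, pr_datasz = struct.unpack_from("<II", desc, p)
            p += 8
            props[pr_type] = desc[p:p + pr_datasz]
            p = _align(p + pr_datasz, align)
    return props


def feature_flags(props, machine):
    """FEATURE_1_AND bitmask for "aarch64" or "x86_64"; 0 when the object
    carries no such property (the unlabelled, 'laggard' case)."""
    key = (GNU_PROPERTY_AARCH64_FEATURE_1_AND if machine == "aarch64"
           else GNU_PROPERTY_X86_FEATURE_1_AND)
    data = props.get(key)
    if data is None or len(data) < 4:
        return 0
    return struct.unpack_from("<I", data)[0]


def make_property_note(pr_type, flags):
    """Construct an ELF64 .note.gnu.property blob with one FEATURE_1_AND property."""
    desc = struct.pack("<III", pr_type, 4, flags) + b"\0" * 4   # pr_data padded to 8
    return struct.pack("<III", 4, len(desc), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + desc


# Constructed sample processes: main binary, a BTI/IBT-ready library, and a
# library that only carries a build-id note (NT_GNU_BUILD_ID = 3), no properties.
_BUILD_ID_ONLY = struct.pack("<III", 4, 8, 3) + b"GNU\0" + b"\x11" * 8
SAMPLE_ARM64 = {
    "main": make_property_note(GNU_PROPERTY_AARCH64_FEATURE_1_AND, FEATURE_1_BTI | 0x2),
    "libok.so": make_property_note(GNU_PROPERTY_AARCH64_FEATURE_1_AND, FEATURE_1_BTI),
    "liblag.so": _BUILD_ID_ONLY,
}
SAMPLE_X86 = {
    "main": make_property_note(GNU_PROPERTY_X86_FEATURE_1_AND, FEATURE_1_IBT | 0x2),
    "libok.so": make_property_note(GNU_PROPERTY_X86_FEATURE_1_AND, FEATURE_1_IBT),
    "liblag.so": _BUILD_ID_ONLY,
}


def linux_arm64_per_object(objects):
    """Per-page BTI: each object is decided on its own, so the unlabelled
    library runs with BTI off while the rest of the process has it on."""
    return {name: bool(feature_flags(parse_gnu_properties(note), "aarch64") & FEATURE_1_BTI)
            for name, note in objects.items()}


def linux_x86_process(objects):
    """Elective IBT: one decision for the whole process; a single object
    without the IBT bit leaves the entire process without IBT."""
    return all(feature_flags(parse_gnu_properties(note), "x86_64") & FEATURE_1_IBT
               for note in objects.values())


def openbsd_mandatory(objects, nobtcfi_marked=frozenset()):
    """Mandatory BTI/IBT: enforcement is on regardless of GNU property bits.
    ASSUMPTION for this example: a nobtcfi marking on any object opts the
    whole process out; that is the only way to run unprotected."""
    return not any(name in nobtcfi_marked for name in objects)


if __name__ == "__main__":
    print("linux arm64 per-object:", linux_arm64_per_object(SAMPLE_ARM64))
    print("linux x86 process-wide:", linux_x86_process(SAMPLE_X86))
    print("openbsd mandatory:", openbsd_mandatory(SAMPLE_ARM64))
    print("openbsd with nobtcfi on liblag.so:",
          openbsd_mandatory(SAMPLE_ARM64, {"liblag.so"}))
```

The three policy functions are where the mail's argument lives: on arm64 the unlabelled library is the one object left with BTI off, which is exactly the page an attacker will pick gadgets from; on x86 that same library drags the whole process down; under the mandatory model nothing is left off unless someone explicitly applies the nobtcfi workaround.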