[Info-vax] Security, ASLR, KASLR, Pointers (was: Re: VMS x86 performance ?)
John Dallman
jgd at cix.co.uk
Mon Nov 2 17:13:00 EST 2020
In article <rnpp29$bld$1 at dont-email.me>, seaohveh at hoffmanlabs.invalid
(Stephen Hoffman) wrote:
Some comments from doing this sort of stuff on VMS' mutant stepchild,
Windows NT:
> With code in 64-bit (P2) space (compile 64-bit, and then LINK
> /SEGMENT_ATTRIBUTE=mumblefratz), the available address space
> randomization is larger.
The greater entropy is really valuable. This is one of the things that
will get easier if putting code in 64-bit space gets simpler.
> An alternative to ASLR and KASLR is pointer authentication, and
> that mechanism is starting to see production deployments:
> https://www.qualcomm.com/media/documents/files/whitepaper-pointer-au
> thentication-on-armv8-3.pdf
ARMv8.3 has hardware support for this, but x86-64 does not AFAIK.
> This work might well include work on ... app signing
One needs to distinguish between app signing and individual image signing.
Apple uses whole-app signing, but their model is very much built around
apps as the only form of distributed software. That makes good sense for
consumer software markets, but that's not what VMS is for. Microsoft lets
you sign individual EXEs and DLLs, which is more flexible.
John
More information about the Info-vax
mailing list