[Webkit-unassigned] [Bug 177745] New: [Linux] Enable Gigacage in x64 Linux environment
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Oct 2 07:47:58 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=177745
Bug ID: 177745
Summary: [Linux] Enable Gigacage in x64 Linux environment
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: utatane.tea at gmail.com
Proposal: Enabling Gigacage in Linux.
Gigacage is implemented largely by fpizlo and it is a feature to limit the area referenced from a caged pointer.
Once a pointer is caged, it can only reference to a specific area called Gigacage.
This mechanism is implemented by `basePointer + (cagedPointer & cageMask)`
This is good for security. Many exploit first attempts to replace ArrayBuffer's buffer pointer to a arbitrary area to
modify arbitrary memory including JIT-executable ones. Caged pointer reduces the effectiveness of this attack by
limitting the area that can be referenced from ArrayBuffer's caged pointer.
Gigacage is now enabled in Darwin x64 environment. And Darwin + ARM64 work is ongoing (bug 177586).
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171002/11145b59/attachment.html>
More information about the webkit-unassigned
mailing list