[Webkit-unassigned] [Bug 177745] New: [Linux] Enable Gigacage in x64 Linux environment

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Oct 2 07:47:58 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=177745

            Bug ID: 177745
           Summary: [Linux] Enable Gigacage in x64 Linux environment
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: utatane.tea at gmail.com

Proposal: Enabling Gigacage in Linux.

Gigacage, implemented largely by fpizlo, is a feature that limits the area a caged pointer can reference.
Once a pointer is caged, it can only reference a specific area called the Gigacage.
This mechanism is implemented as `basePointer + (cagedPointer & cageMask)`.

This is good for security. Many exploits first attempt to replace an ArrayBuffer's buffer pointer with an arbitrary address in order to
modify arbitrary memory, including JIT-executable memory. Caged pointers reduce the effectiveness of this attack by
limiting the area that can be referenced from an ArrayBuffer's caged pointer.

Gigacage is now enabled in the Darwin x64 environment, and Darwin + ARM64 work is ongoing (bug 177586).

-- 
You are receiving this mail because:
You are the assignee for the bug.
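The following is an added, self-contained C model of the caging rule described in the report (`basePointer + (cagedPointer & cageMask)`); it is not WebKit's code. The cage size, the `toy_array_buffer` type, the `sensitive_outside_cage` stand-in for JIT memory and all function names are constructed for illustration; the real Gigacage is far larger, but the arithmetic is the same: the base is aligned to the cage size so that a legitimate in-cage pointer resolves to itself, while any other value (including a corrupted buffer-pointer field) is forced back inside the cage.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy cage parameters (constructed for this example). The size must be a
 * power of two so that `ptr & CAGE_MASK` is always an offset within the cage. */
#define CAGE_SIZE ((size_t)1 << 16)
#define CAGE_MASK ((uintptr_t)(CAGE_SIZE - 1))

/* The "basePointer" from the report: a CAGE_SIZE-aligned region. */
static uint8_t *cage_base;
static void *cage_raw;   /* unaligned malloc block that backs the cage */

/* Allocate the cage and align its base to CAGE_SIZE. Alignment is what makes
 * masking equal to "subtract the base" for pointers that are already in cage. */
static bool cage_init(void) {
    if (cage_base) return true;
    cage_raw = malloc(2 * CAGE_SIZE);
    if (!cage_raw) return false;
    cage_base = (uint8_t *)(((uintptr_t)cage_raw + CAGE_SIZE - 1) & ~CAGE_MASK);
    memset(cage_base, 0, CAGE_SIZE);
    return true;
}

/* basePointer + (cagedPointer & cageMask): whatever value is stored, the
 * result always lies in [cage_base, cage_base + CAGE_SIZE). */
static uint8_t *cage_resolve(uintptr_t caged) {
    return cage_base + (caged & CAGE_MASK);
}

static bool cage_contains(const void *p) {
    const uint8_t *q = p;
    return q >= cage_base && q < cage_base + CAGE_SIZE;
}

/* Toy ArrayBuffer: the backing-store pointer is stored caged, and every
 * access goes through cage_resolve rather than using the raw field. */
typedef struct {
    uintptr_t caged_data;
    size_t length;
} toy_array_buffer;

static bool toy_ab_alloc(toy_array_buffer *ab, size_t length, size_t offset) {
    if (!cage_init() || offset + length > CAGE_SIZE) return false;
    ab->caged_data = (uintptr_t)(cage_base + offset);
    ab->length = length;
    return true;
}

static bool toy_ab_write(toy_array_buffer *ab, size_t index, uint8_t value) {
    if (index >= ab->length) return false;
    uint8_t *data = cage_resolve(ab->caged_data);
    data[index] = value;   /* lands in the cage even if caged_data was corrupted */
    return true;
}

/* Stand-in for memory that must never be reachable through an ArrayBuffer
 * (e.g. JIT-executable pages). */
static uint8_t sensitive_outside_cage[64];

/* Property 1: a legitimate in-cage pointer resolves to itself. */
static bool demo_identity(void) {
    toy_array_buffer ab;
    if (!toy_ab_alloc(&ab, 64, 4096)) return false;
    return cage_resolve(ab.caged_data) == cage_base + 4096;
}

/* Property 2 (the scenario in the report): the buffer-pointer field has been
 * overwritten with an out-of-cage address. The write is confined to the cage
 * and the sensitive region is untouched. */
static bool demo_confinement(void) {
    toy_array_buffer ab;
    if (!toy_ab_alloc(&ab, 64, 4096)) return false;

    memset(sensitive_outside_cage, 0xAA, sizeof sensitive_outside_cage);
    ab.caged_data = (uintptr_t)sensitive_outside_cage;   /* corrupted field */

    uint8_t *resolved = cage_resolve(ab.caged_data);
    if (!cage_contains(resolved)) return false;
    if (cage_contains(sensitive_outside_cage)) return false;   /* sanity */

    if (!toy_ab_write(&ab, 0, 0x41)) return false;
    return sensitive_outside_cage[0] == 0xAA && resolved[0] == 0x41;
}

int main(void) {
    printf("identity: %s\n", demo_identity() ? "ok" : "FAILED");
    printf("confinement: %s\n", demo_confinement() ? "write confined to cage" : "write escaped");
    return 0;
}
```

The model deliberately keeps the stored field as a plain integer rather than a pointer: that is the point of the design, since nothing that reads the field trusts its high bits, and the only way to reach memory is through `cage_resolve`, which cannot produce an address outside the cage.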