zwimer / drshadowstack Goto Github PK

Will also have to adjust the type that holds the pointer possibly

Add them

Probably because of signal ignore or something.

Pages:
- Home
- Internal Shadow Stack
- External Shadow Stack
- Developers
- When does this fail
- Exceptions made
- FAQ

This project promises nothing on longjmp, but many applications do use it. Perhaps if a shadow stack mismatch occurs, and the longjmp symbol is matched via symbol resolution, simply pop the shadow stack until the desired return address is found (the one written when setjmp was called)

On setup function, create a new process group

Unit tests are a must! Maybe use cmake's test suite?

After spectre and meltdown, the retpoline fix was released. Intel CET does not play well with it, can an exception to the shadow stack be made to handle this?

Like signal handling and any others to be added

Use SPEC 2017 and maybe some IO-bound benchmarks to do so?

The dr client overwrites the log file on creation.

Wiki / readme

Add thread / fork event handlers to the external shadow stack to do this

Unimplemented messages currently of wrong size

The logging info will show something like:
Call(0x40600)
Ret(0x40600)

When really it should say
Call - Return to(0x40600)
Ret(0x40600)

When a signal handler is called, no 'call' is used as it is called via the kernel. A ret, however, is called. Add an exception, maybe a wildcard match?

pthread does not work on DynamoRIO as it breaks TLS assumptions.

Reimplement a mutex that does not use pthreads

This mutex MUST be interprocess

The internal shadow stack needs to handle threading events.

Boost.Program_options ?

On forking, the shadow stack is not cleared (correct). If the process then execs, the stack still does not clear (bad). This probably doesn't pose a threat, but just in case it should be fixed

On commit or merge, doyxygen, github_changelog_generator -u zwimer -p DrShadowStack, and clang-format -i -style=file ./src/*pp

Add them to the readme:
longjmp
arm
mac
etc...

Running:
./DrShadowStack.out -m ext -d ~/dynamorio/build/bin64/drrun ls -la

Log produces:
Calling execvp on: /home/vagrant/dynamorio/build/bin64/drrun -c /home/vagrant/ShadowStack/src/build/libss_dr_client.so ext /tmp/5VvB7lZNYELIKuNauM -- ls

Once in shadow_stack
Once in the client

Maybe boost filesystem?

Add documentation about exceptions

Add a .gitattributes to prevent \r from getting in the way.

When the child process closes, the main process receives SigPipe sometimes. This should be ignored!

Running in non-debug mode gives:

ERROR: fopen() failed.
Message from strerror: Bad address

This probably has to do with trying to open null

Maybe a file or something? The --version flag should work!

The Dr Client fails to log for the external SS

If a shadow stack mismatch is detected, do not simply print the hex addresses, attempt to resolve the symbols to give the function name and other information about the symbol. This is useful for debugging, and only needs to be done for the internal shadow stack (where it makes sense).

The reference counter works, but on thread / process creation / death, it is not implemented. Use DynamoRIO thread / fork events to do so.

When DynamoRIO crashes / the client crashes, terminate the group.

Improve the description in the README

Either hook syscalls (and check clone's arguments since fork() utilizes clone too) or look for an event. Note: dr's fork event is called only by the child process after the fork has occurred

It is much faster

Default internal as external is major speed decrease.

Make sure not to remap ones that are by default ignored.
Don't try for SIGKILL or SIGSTOP, they will fail

Compile Dynamorio internally via cmake?

Perhaps doxygen?

Standardize this. Maybe use clang formatter?

Setup a CI server on github - maybe use a pi as the build server?

Add thread / fork event handlers to the internal shadow stack

Wrap common functions up to protect the global namespace and enforce uniformity in handling common cases

Must be filled in