[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Intel CET Support?

On Mon, Sep 05, 2022 at 10:44:52PM +0200, Felix Potthast wrote:
> i just stumbled upon the fact that debian doesn't yet make use of the
> Intel CET security feature, while many other distributions
> (Ubuntu, Fedora, Suse, Arch Linux) do.
> The idea is to insert endbr instructions,
> (which are just NOPs on older CPUs) at the beginning
> of functions to identify valid call targets to mitigate
> ROP attacks.
> You can do a quick test with
> objdump -d /usr/bin/mv | grep endbr | wc -l
> which outputs a nonzero number if the feature is used.
It's indeed nonzero on my testing and sid machines, with coreutils 8.32-4.1.
In which version is it zero?


Attachment: signature.asc
Description: PGP signature

Reply to: