Re: Intel CET Support?
Ok, it turns out the quick test i spontaneously came up with is flawed,
sorry about that.
However, if you look at the disassembly, you can see that the
endbr instruction is not at the beginning of a function,
but rather directly after a nop instruction, so it seems to
me this is just used as another nop variant for alignment purposes.
Another file one can test that actually gives zero is
/lib64/ld-linux-x86-64.so.2
so the right command to test is
objdump -d /lib64/ld-linux-x86-64.so.2 | grep endbr | wc -l
On Mon, 2022-09-05 at 21:14 +0000, Jeremy Stanley wrote:
> On 2022-09-05 22:44:52 +0200 (+0200), Felix Potthast wrote:
> > i just stumbled upon the fact that debian doesn't yet make use of
> > the Intel CET security feature, while many other distributions
> > (Ubuntu, Fedora, Suse, Arch Linux) do.
> [...]
>
> Forgive me if this is a dumb question, but were you running on a
> Linux 5.18 kernel when you tested this? The default kernel on the
> current Debian release is too old to support it, but there is a 5.18
> kernel in the bullseye-backports suite. This is from my workstation
> running a relatively up to date Debian unstable booted on a 5.18.x
> kernel, as you can see:
>
> fungi@dhole:~$ uname -v
> #1 SMP PREEMPT_DYNAMIC Debian 5.18.14-1 (2022-07-23)
> fungi@dhole:~$ objdump -d /bin/mv | grep endbr | wc -l
> 2
> fungi@dhole:~$ objdump -d /bin/mv | grep endbr
> 4230: f3 0f 1e fa endbr64
> 4270: f3 0f 1e fa endbr64
>
Reply to: