Re: [PATCH 00/35] Shadow stacks for userspace
From: Dave Hansen
Date: Mon Feb 07 2022 - 11:45:04 EST
On 2/6/22 23:20, Adrian Reber wrote:
>>> CRIU Support
>>> ------------
>>> In the past there was some speculation on the mailing list about
>>> whether CRIU would need to be taught about CET. It turns out, it does.
>>> The first issue hit is that CRIU calls sigreturn directly from its
>>> “parasite code” that it injects into the dumper process. This violates
>>> this shadow stack implementation’s protection that intends to prevent
>>> attackers from doing this.
...
>>From the CRIU side I can say that I would definitely like to see this
> resolved. CRIU just went through a similar exercise with rseq() being
> enabled in glibc and CI broke all around for us and other projects
> relying on CRIU. Although rseq() was around for a long time we were not
> aware of it but luckily 5.13 introduced a way to handle it for CRIU with
> ptrace. An environment variable existed but did not really help when
> CRIU is called somewhere in the middle of the container software stack.
>
>>From my point of view a solution not involving an environment variable
> would definitely be preferred.
Have there been things like this for CRIU in the past? Something where
CRIU needs control but that's also security-sensitive?
Any thoughts on how you would _like_ to see this resolved?