|
@johnregehr | |||||
|
memory tagging should be a game changer for C and C++; get with the program, @intel and @apple!! pic.twitter.com/z2vXAtTb7z
|
||||||
|
||||||
|
Kristopher Micinski
@krismicinski
|
19. ruj |
|
I don't know anything about this stuff really, is there a good primer that's readable?
|
||
|
|
||
|
John Regehr
@johnregehr
|
19. ruj |
|
I think easiest is to find a video of a Kostya talk
|
||
|
|
||
|
Brendan Dolan-Gavitt
@moyix
|
20. ruj |
|
We cannot allow a memory tagging gap with the Russians! (Modern Elbrus has it too) pic.twitter.com/jAXHH1mZXR
|
||
|
|
||
|
Gok
@Gok
|
19. ruj |
|
I'm going to be that jerkface and predict that MTE won't do all that much. It's a pretty weak mitigation that requires a lot of work to adopt.
|
||
|
|
||
|
The Doge Mocenigo
@DogeMocenigo
|
19. ruj |
|
It is not (only) a (weak) mitigation - it is a tool to discover bugs and vulnerabilities in the field. Testing - including smart fuzzing - does not find all memory access defects. But if MTE information is collected IN THE FIELD you find these defects and with absolute precision
|
||
|
|
||
|
nick c
@inventednight
|
1. pro |
|
I’ve got more hope for RISC-V
|
||
|
|
||
|
kiniry
@kiniry
|
20. ruj |
|
|
||
|
|
||
|
Leandro Pereira
@lafp
|
20. ruj |
|
CC @bsdaemon
|
||
|
|
||