Explicitly Enable CFI Where Available #3131
Replies: 1 comment 2 replies
-
|
IIRC, cfi could catch bugs in Chromium codebase specifically. I assume Google does periodic runs and tests with cfi in order to find those bugs, which renders most of them being caught long before us, which in turn would imply very little benefit for us. Am I wrong? |
Beta Was this translation helpful? Give feedback.
-
|
Google definitely does fuzzing and all kinds of testing, but you can't be certain there are no bugs. In fact, in such a large codebase, there are very likely some. CFI is meant to be used in production, where the program crashes instead of allowing the attacker to control the process. Its overhead is minimal, < 1%. |
Beta Was this translation helpful? Give feedback.
-
|
It'd be great to see a report from Vanadium confirming the number of bugs they managed to catch via CFI enablement, which may disprove my statement above. I assume finding a bug in Chromium codebase is a good find that cannot go silent. |
Beta Was this translation helpful? Give feedback.
-
Clang's control flow integrity features seem to be entirely implemented in clang/LLVM, without necessity of operating system support. GN currently enables CFI only in Linux x86 builds. Vanadium config and this Chromium issue imply that CFI does, in fact, work on other platforms.
Why not explicitly enable it everywhere it works for increased memory security in Ungoogled Chromium?
Beta Was this translation helpful? Give feedback.
All reactions