You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the #382 commit message, it appears that cheribsd is enabled by default for captrevoke, but after compiling with the option "-mabi=l64pc128d -mno-relax -fuse-ld=lld -march=rv64gcxcheri -cheri-bounds=very-aggressive", the test program run normally without segment fault, there seems no defense against the use after free vulnerability.
Do I need to add additional compilation options or cheribuild.py option
Revocation is a batched operation, with multiple freed allocations held in quarantine until such time as userspace decides to request that the kernel sweep all of memory to revoke capabilities to all freed allocations. If you wish to force revocation, call malloc_revoke(), but this is a costly operation. Note that this does not mean there is "no defence against the use after free vulnerability"; by quarantining allocations that have been freed but not yet revoked, we guarantee that the allocation will not be repurposed until a revocation has been performed, i.e. it behaves as if the free is deferred until a later point in time.
Note that updates are still in progress for the Getting Started Guide for CheriBSD 23.11, and will include more information on configuring and using temporal safety features.
In the #382 commit message, it appears that cheribsd is enabled by default for captrevoke, but after compiling with the option "-mabi=l64pc128d -mno-relax -fuse-ld=lld -march=rv64gcxcheri -cheri-bounds=very-aggressive", the test program run normally without segment fault, there seems no defense against the use after free vulnerability.
Do I need to add additional compilation options or cheribuild.py option
./cheribuild.py run-riscv64-purecap --snmalloc/revoke --dlmalloc/revoke --mrs/revoke-on-free
The text was updated successfully, but these errors were encountered: