But the shadow stack concept seems much dumber to me. Why write the address to the regular stack and the shadow stack and then compare? Why not only use the shadow stack and not put return addresses on the main stack at all?
Because that would break compatibility. The way shadow stacks are implemented means they can be enabled in existing software without code changes.
If one were to design a modern ISA from scratch it would make sense though.
ABI compatibility.
When you're compiling from scratch, especially when you're not working on a shared library, ABI compatibility doesn't matter as much. Doesn't explain why there's no -fshadow-stack-only option to pass in.
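To make the two designs being argued about concrete, here is an added toy model written for this page (it is not code from the thread, from Intel CET, or from any compiler). A tiny machine has a downward-growing main stack that holds locals and, depending on policy, return addresses, plus a separate shadow stack. `POLICY_NONE` is a plain stack, `POLICY_COMPARE` is the hardware-style scheme (push to both, compare on return, fault on mismatch), and `POLICY_SHADOW_ONLY` is the variant proposed above (return address lives only on the shadow stack). The policy names, the caller address `0x1000`, the 4-word buffer and the `0xBAD00xx` payload are all constructed for the example. The scenario models the classic bug: a callee copies `n` words into a 4-word buffer with no bounds check.

```c
/* Toy shadow-stack model (added example, not from the thread or any real CET implementation). */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define STACK_WORDS 16

typedef enum { POLICY_NONE, POLICY_COMPARE, POLICY_SHADOW_ONLY } policy_t;

typedef struct {
    uint32_t stack[STACK_WORDS];   /* main stack: grows down, top is stack[sp] */
    size_t   sp;                   /* == STACK_WORDS when empty */
    uint32_t shadow[STACK_WORDS];  /* shadow stack: return addresses only, grows up */
    size_t   ssp;
    policy_t policy;
} machine_t;

typedef struct { int ok; uint32_t target; } ret_t;  /* ok == 0 models a #CP-style fault */

static void m_init(machine_t *m, policy_t p) {
    memset(m, 0, sizeof *m);
    m->sp = STACK_WORDS;
    m->policy = p;
}

/* CALL: where the return address is recorded depends on the policy. */
static void m_call(machine_t *m, uint32_t ret) {
    if (m->policy != POLICY_SHADOW_ONLY) m->stack[--m->sp] = ret;  /* ABI-visible copy */
    if (m->policy != POLICY_NONE)        m->shadow[m->ssp++] = ret; /* protected copy */
}

/* Callee frame: reserve `words` of locals below the return address; returns buffer base index. */
static size_t m_alloc_locals(machine_t *m, size_t words) { m->sp -= words; return m->sp; }
static void   m_free_locals(machine_t *m, size_t words)  { m->sp += words; }

/* RET: decide the control-transfer target according to the policy. */
static ret_t m_ret(machine_t *m) {
    ret_t r = { 1, 0 };
    if (m->policy == POLICY_SHADOW_ONLY) {           /* main stack never held it */
        r.target = m->shadow[--m->ssp];
        return r;
    }
    uint32_t main_ret = m->stack[m->sp++];           /* what a plain RET would use */
    r.target = main_ret;
    if (m->policy == POLICY_COMPARE) {
        uint32_t shadow_ret = m->shadow[--m->ssp];
        if (main_ret != shadow_ret) r.ok = 0;        /* hardware would raise #CP here */
    }
    return r;
}

/* Scenario: caller at 0x1000 calls a function with a 4-word buffer that copies
 * `n` attacker-controlled words into it without a bounds check (the bug). */
static ret_t run_scenario(policy_t p, size_t n) {
    machine_t m;
    uint32_t payload[8];                             /* constructed attacker data */
    for (size_t i = 0; i < 8; i++) payload[i] = 0xBAD0000u + (uint32_t)i;

    m_init(&m, p);
    m_call(&m, 0x1000u);
    size_t buf = m_alloc_locals(&m, 4);
    /* Overflow: writes past the 4-word buffer clobber whatever sits above it on the
     * main stack; the array-bound guard only keeps the toy machine itself in range. */
    for (size_t i = 0; i < n && buf + i < STACK_WORDS; i++) m.stack[buf + i] = payload[i];
    m_free_locals(&m, 4);
    return m_ret(&m);
}

int main(void) {
    const char *names[] = { "none", "compare", "shadow-only" };
    for (int p = POLICY_NONE; p <= POLICY_SHADOW_ONLY; p++) {
        ret_t r = run_scenario((policy_t)p, 5);      /* 5 words into a 4-word buffer */
        printf("%-12s ok=%d target=0x%x\n", names[p], r.ok, r.target);
    }
    return 0;
}
```

With `n = 5` the plain stack returns to the attacker's `0xBAD0004` with nothing noticing, the compare policy sees the main-stack copy disagree with the shadow copy and faults, and the shadow-only policy simply returns to `0x1000` because the main stack was never consulted. What the toy does not model is the reason given in the replies for keeping the main-stack copy: unwinders, `setjmp`/`longjmp`, debuggers and any code that reads or rewrites the return slot expect the ABI frame layout, and the compare policy leaves that layout untouched.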