Comment by IAmLiterallyAB

15 hours ago

I wonder if an adversarial user could bypass the checks and achieve memory corruption / code execution. Maybe not a practical attack in most situations but a fun exercise.

> This includes things like asm volatile("" : : : "memory"), which is an old-school way of saying atomic_signal_fence(memory_order_seq_cst).

Not quite. AIUI, the first is just a barrier for the compiler, while the second is also a CPU memory barrier. Godbolt seems to confirm that.

https://godbolt.org/z/a844zKej8

5 comments

IAmLiterallyAB

pizlonator 15 hours ago

Your godbolt code used atomic_thread_fence

The quote uses atomic_signal_fence.

If you find a way to bypass my checks, file a bug. I tried very hard to break it. My agent loops tried even harder

jancsika 14 hours ago
> My agent loops tried even harder
What happens if you ask to find the strings that will erroneously return True from validateSafeInlineAsm for disallowed asm? :)
- pizlonator 14 hours ago
  
  It’s surprisingly hard to define „erroneously”, but that’s not far off from what I did
  Example of a bug found most recently was that sahf was allowed without a cc constraint.
  Anyway, if you find bugs, file them. Would be fun to see if there’s a case me and my agents missed
IAmLiterallyAB 15 hours ago

Oops, you're right. I was thinking of those as nearly interchangeable but they're actually pretty different.
I might give it a try when I have a chance, I'll let you know if anything comes of it.

IshKebab 8 hours ago

I don't think Fil-C is designed for adversarial users.