[Bug 2704] New: Avoid passing pointers between processes

bugzilla-daemon at bugzilla.mindrot.org
Thu Apr 6 11:48:34 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2704

            Bug ID: 2704
           Summary: Avoid passing pointers between processes
           Product: Portable OpenSSH
           Version: -current
          Hardware: Other
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: brooks at freebsd.org

Created attachment 2972
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2972&action=edit
Patch to pass ciphers by name rather than by virtual address

The newkeys_(from|to)_blob() functions currently pass a pointer to the
static cipher structure between processes.  This works as long as
pointers are opaque integer data.  With upcoming pointer integrity
schemes such as CHERI (which ensures pointer derivations are valid with
hardware tags) this no longer works and the pointer is instantiated out
of thin air from the perspective of the receiving process.  Given the
current structure of the cipher code, it's trivial to pass the name
instead as is done in the attached patch.

This change appears to be sufficient to run OpenSSH with
hardware-enforced memory bounds on CHERI.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
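
The by-name approach described in the report, as an added example that is not the attached patch or OpenSSH code: the sender serializes the cipher's name, and the receiver resolves it against its own static table and rejects anything it does not recognize. The struct, table entries and function names are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a static cipher table; not OpenSSH's struct. */
struct demo_cipher { const char *name; unsigned block_size, key_len; };
static const struct demo_cipher demo_ciphers[] = {   /* constructed sample */
    { "aes128-ctr", 16, 16 },
    { "aes256-ctr", 16, 32 },
    { "chacha20-poly1305@openssh.com", 8, 64 },
};
#define N_CIPHERS (sizeof(demo_ciphers) / sizeof(demo_ciphers[0]))

/* Sender: encode the cipher as a length-prefixed name (u32 big-endian
 * length, then the bytes). Returns bytes written, 0 if buf is too small. */
size_t demo_put_cipher(uint8_t *buf, size_t cap, const struct demo_cipher *c)
{
    size_t n = strlen(c->name);
    if (cap < 4 || n > cap - 4)
        return 0;
    buf[0] = (uint8_t)(n >> 24); buf[1] = (uint8_t)(n >> 16);
    buf[2] = (uint8_t)(n >> 8);  buf[3] = (uint8_t)n;
    memcpy(buf + 4, c->name, n);
    return 4 + n;
}

/* Receiver: validate the length, then resolve the name against its own
 * table, so the returned pointer is derived locally and never taken from
 * the wire. Returns NULL on any malformed or unknown input. */
const struct demo_cipher *demo_get_cipher(const uint8_t *buf, size_t len)
{
    uint32_t n;
    size_t i;

    if (len < 4)
        return NULL;
    n = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
        ((uint32_t)buf[2] << 8) | buf[3];
    if (n != len - 4)               /* truncated or trailing data */
        return NULL;
    for (i = 0; i < N_CIPHERS; i++)
        if (strlen(demo_ciphers[i].name) == n &&
            memcmp(demo_ciphers[i].name, buf + 4, n) == 0)
            return &demo_ciphers[i];
    return NULL;                    /* unknown name: reject */
}
```

Besides keeping pointer provenance valid, the lookup means the receiving process only ever uses a cipher entry it already holds, whatever bytes arrive from the other side.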

