Issue 908597 link

Starred by 2 users

Issue metadata

Status:	Fixed
Owner:	vtsyrklevich@chromium.org
Closed:	Nov 28
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	3
Type:	Bug

Deprecate SafeStack

Project Member Reported by vtsyrklevich@chromium.org, Nov 26

Issue description

Delete Chromium SafeStack support, we've decided not to move forward with it.

Comment 1 by vtsyrklevich@chromium.org, Nov 27

Elaborating a bit further: security evaluation of SafeStack showed that it's not sufficiently secure to prevent backward-edge CFI attacks. In particular, leaks of the 'safe' stack address are present throughout the system runtime and are difficult to fully address--making the scheme useless against attackers with arbitrary R/W.

Project Member

Comment 2 by bugdroid1@chromium.org, Nov 27

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e1506f250b4d87689186eb2c8379ced966e4a812

commit e1506f250b4d87689186eb2c8379ced966e4a812
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Tue Nov 27 19:57:19 2018

SafeStack: Delete bots

SafeStack support has been abandoned.

Bug:  908597 ,889532
Change-Id: I989dbf90bab522c6a4c50117de64a85509b4932f
Reviewed-on: https://chromium-review.googlesource.com/c/1351585
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Reviewed-by: Dirk Pranke <dpranke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#611269}
[modify] https://crrev.com/e1506f250b4d87689186eb2c8379ced966e4a812/infra/config/global/cr-buildbucket.cfg
[modify] https://crrev.com/e1506f250b4d87689186eb2c8379ced966e4a812/infra/config/global/luci-milo.cfg
[modify] https://crrev.com/e1506f250b4d87689186eb2c8379ced966e4a812/infra/config/global/luci-scheduler.cfg
[modify] https://crrev.com/e1506f250b4d87689186eb2c8379ced966e4a812/testing/buildbot/chromium.clang.json
[modify] https://crrev.com/e1506f250b4d87689186eb2c8379ced966e4a812/testing/buildbot/waterfalls.pyl
[modify] https://crrev.com/e1506f250b4d87689186eb2c8379ced966e4a812/tools/mb/mb_config.pyl

Project Member

Comment 3 by bugdroid1@chromium.org, Nov 27

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/tools/build/+/36499204f9cd8abe9e26a5a3d01ab9bdacb92a62

commit 36499204f9cd8abe9e26a5a3d01ab9bdacb92a62
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Tue Nov 27 20:04:15 2018

SafeStack: Delete bots

SafeStack support has been abandoned.

Bug:  908597 ,889532
Change-Id: I3237cdbb29b44c718d4fd6eaab94dc0c524e84c4
Reviewed-on: https://chromium-review.googlesource.com/c/1351255
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Reviewed-by: Dirk Pranke <dpranke@chromium.org>

[modify] https://crrev.com/36499204f9cd8abe9e26a5a3d01ab9bdacb92a62/scripts/slave/recipe_modules/chromium_tests/chromium_clang.py
[modify] https://crrev.com/36499204f9cd8abe9e26a5a3d01ab9bdacb92a62/masters/master.chromium.clang/builders.pyl

Project Member

Comment 4 by bugdroid1@chromium.org, Nov 27

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d56683211481388adaa8abb2207d186c02ad16c0

commit d56683211481388adaa8abb2207d186c02ad16c0
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Tue Nov 27 20:25:22 2018

Revert "SafeStack: Add a SafeStack build configuration"

SafeStack support has been abandoned.

Bug:  908597 
Change-Id: Ie4e8709c4682814fb7bebad2eb2a65990f69c3d0
Reviewed-on: https://chromium-review.googlesource.com/c/1351587
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#611286}
[modify] https://crrev.com/d56683211481388adaa8abb2207d186c02ad16c0/build/config/compiler/BUILD.gn
[modify] https://crrev.com/d56683211481388adaa8abb2207d186c02ad16c0/build/config/sanitizers/BUILD.gn
[modify] https://crrev.com/d56683211481388adaa8abb2207d186c02ad16c0/build/config/sanitizers/sanitizers.gni
[delete] https://crrev.com/d603432de800eb9bd6c576dbaad4132b249cc938/build/linux/chrome.safestack.map
[modify] https://crrev.com/d56683211481388adaa8abb2207d186c02ad16c0/chrome/BUILD.gn

Project Member

Comment 5 by bugdroid1@chromium.org, Nov 27

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/99881e9c9b8517bda32938c8e5134b3e8c0cc8e5

commit 99881e9c9b8517bda32938c8e5134b3e8c0cc8e5
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Tue Nov 27 20:26:05 2018

Revert "SafeStack: Package SafeStack runtime for Linux"

SafeStack support has been abandoned.

Bug:  908597 
Change-Id: I292cfa06bcad8953957480ea0ecf873cdb526f4c
Reviewed-on: https://chromium-review.googlesource.com/c/1351607
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#611287}
[modify] https://crrev.com/99881e9c9b8517bda32938c8e5134b3e8c0cc8e5/docs/updating_clang.md
[modify] https://crrev.com/99881e9c9b8517bda32938c8e5134b3e8c0cc8e5/tools/clang/scripts/package.py

Project Member

Comment 6 by bugdroid1@chromium.org, Nov 28

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/19739ae13481f9a266548dd2829fdb4f58075b86

commit 19739ae13481f9a266548dd2829fdb4f58075b86
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Wed Nov 28 03:19:00 2018

Revert "Disable SafeStack for test that requires direct stack access"

SafeStack support has been abandoned.

Bug:  908597 
Change-Id: If425e16a2bed5781d32a935e0dca06a4666fabc4
Reviewed-on: https://chromium-review.googlesource.com/c/1351751
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#611542}
[modify] https://crrev.com/19739ae13481f9a266548dd2829fdb4f58075b86/base/debug/proc_maps_linux_unittest.cc

Project Member

Comment 7 by bugdroid1@chromium.org, Nov 28

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d21cd66215109c36b867a371b899c2d9fbe8ad50

commit d21cd66215109c36b867a371b899c2d9fbe8ad50
Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Date: Wed Nov 28 03:19:23 2018

SafeStack: Remove oilpan support

SafeStack support has been abandoned.

Bug:  908597 
Change-Id: I800af0440054fb4de593a01af347b9b341cc55e5
Reviewed-on: https://chromium-review.googlesource.com/c/1351778
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#611543}
[modify] https://crrev.com/d21cd66215109c36b867a371b899c2d9fbe8ad50/third_party/blink/renderer/platform/heap/thread_state.cc
[modify] https://crrev.com/d21cd66215109c36b867a371b899c2d9fbe8ad50/third_party/blink/renderer/platform/heap/thread_state.h

Comment 8 by vtsyrklevich@chromium.org, Nov 28

Status: Fixed (was: Untriaged)

►

Issue 908597 link

Issue metadata

Deprecate SafeStack

Issue description

Comment 1 by vtsyrklevich@chromium.org, Nov 27

Comment 1 Deleted

Comment 2 by bugdroid1@chromium.org, Nov 27

Comment 2 Deleted

Comment 3 by bugdroid1@chromium.org, Nov 27

Comment 3 Deleted

Comment 4 by bugdroid1@chromium.org, Nov 27

Comment 4 Deleted

Comment 5 by bugdroid1@chromium.org, Nov 27

Comment 5 Deleted

Comment 6 by bugdroid1@chromium.org, Nov 28

Comment 6 Deleted

Comment 7 by bugdroid1@chromium.org, Nov 28

Comment 7 Deleted

Comment 8 by vtsyrklevich@chromium.org, Nov 28

Comment 8 Deleted

Sign in to add a comment