
Perhaps we'll see allocators hold a heap/bucket pointer + capability; you would use the "free" pointer to find the metadata, and the heap pointer to interact with it



Some more security conscious allocators have already moved away from adjacent metadata storage to mitigate heap overflows. Instead, the metadata is stored in separate ASLR'd allocations and indexed by the pointer value. Some metadata might be implicitly encoded in the pointer value (e.g. by alignment or position above/below some virtual memory demarcation) to optimize lookup of the metadata.


But CHERI would stop pointer owners from exploring nearby memory space, so the metadata would only be accessible from within the allocator itself regardless. AFAICT there should be no need for ASLR with CHERI. (I mean defense in depth is ok…)


My point was just that current security best practice already requires indexing a separate data structure for bookkeeping. With CHERI, even if your metadata is stored in an adjacent header, to read or write that memory you have to look up its pool to derive a wider pointer encompassing that header. (If not, as the article describes, your allocator is misusing CHERI.)

But certainly with CHERI you could recover some optimization opportunities. For example, the block length can be derived directly from the pointer, which could make it easier to look up the parent pool. And CHERI pointers preserve some bits for application pointer tagging, making it easier to implement typed allocations.

However, you still have to be careful. CHERI provides spatial safety, not temporal safety--double frees, dangling pointers, etc--so you may not want to reuse the application-visible portion of a block for bookkeeping purposes. Similarly, ASLR still retains much of its benefit, as does Rust--static enforcement of temporal safety, not spatial safety, is the principal value-add of Rust (spatial safety in Rust primarily comes from the library, not the language per se).
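The out-of-band bookkeeping the comments above describe (metadata in a separate region, indexed by the pointer value, with alignment encoding "this is a block start"), as an added example that is not from the thread or from any real allocator; the names pool_alloc, pool_free and pool_size are invented here, and the metadata array stands in for what a real allocator would place in its own ASLR'd mapping:

```c
/* Added example, not from the thread. A toy slab allocator whose bookkeeping
 * lives out-of-band, indexed by pointer value, rather than in a header next to
 * each block. Names (pool_alloc, pool_free, pool_size) are invented here. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SLOT_SIZE 64
#define NSLOTS    32

/* Application-visible storage: only user bytes live here. */
static unsigned char pool[NSLOTS * SLOT_SIZE];

/* Bookkeeping lives in a separate array, so an overflow inside `pool` cannot
 * reach it. A real allocator would put this in its own ASLR'd mapping. */
struct slot_meta { uint8_t in_use; uint16_t req_size; };
static struct slot_meta meta[NSLOTS];

/* Derive the slot index from the pointer value; -1 if not a block start. */
static int slot_index(const void *p) {
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)pool;
    if (a < base || a >= base + sizeof pool) return -1;
    if ((a - base) % SLOT_SIZE != 0) return -1; /* alignment encodes "block start" */
    return (int)((a - base) / SLOT_SIZE);
}

void *pool_alloc(size_t n) {
    if (n == 0 || n > SLOT_SIZE) return NULL;
    for (int i = 0; i < NSLOTS; i++) {
        if (!meta[i].in_use) {
            meta[i].in_use = 1;
            meta[i].req_size = (uint16_t)n;
            return pool + (size_t)i * SLOT_SIZE;
        }
    }
    return NULL;
}

/* 0 on success; -1 for an interior/foreign pointer or a double free. */
int pool_free(void *p) {
    int i = slot_index(p);
    if (i < 0 || !meta[i].in_use) return -1;
    meta[i].in_use = 0;
    meta[i].req_size = 0;
    return 0;
}

/* Requested size of a live block, looked up out-of-band; 0 if not live. */
size_t pool_size(const void *p) {
    int i = slot_index(p);
    return (i >= 0 && meta[i].in_use) ? meta[i].req_size : 0;
}
```

An overrun of one block still clobbers its neighbour's user bytes, but the allocator's own state (and therefore its free-path checks for interior pointers and double frees) is unaffected, which is the property separate metadata buys.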



