Re: Constant Stack Canaries

On 4/1/2025 9:55 PM, Stefan Monnier wrote:

Say, if you load a single copy of a binary at 0x24680000.
Process A and B can't use the same mapping in the same address space,
with PC-rel globals, as then they would each see the other's globals.

>
Say I load a copy of the binary text at 0x24680000 and its data at
0x35900000 for a distance of 0x11280000 into the address space of
a process.
>
Then I load another copy at 0x44680000 and its data at 55900000
into the address space of a different process.

 But then if thread A (whose state is stored at 0x35900000) sends to
thread B (whose state is at 55900000) a closure whose code points
somewhere inside 0x24680000, it will end up using the state of thread
A instead of the state of the current thread.
 

Generally, threads and processes are seen as different...
But, yeah, passing lambdas between processes is theoretically possible in this scheme, but not advised.
If done, any pointers captured by the lambda would likely point to the originating process, but if called with a GBR from the new process, any global variables would either be mapped to the corresponding DLL index in the new process, or NULL (if a DLL that was not loaded in the new process), or  possibly a random address if it was from the main EXE and the EXE's differ...
But, yeah, inter-process function pointers aren't really a thing, and should not be a thing.
The eventual plan is to disallow them in the memory protection scheme, but enforcing memory access based the ACL based memory protection is still on the TODO list (it was only very recently that stuff is actually running in a proper usermode and so can't just stomp all over the kernel's memory...).
But... Yeah, the kernel and program are still hanging out in the same VAS, along with every other running program...