
Soller: Real hardware breakthroughs, and focusing on rustc

Posted Dec 3, 2019 16:41 UTC (Tue) by excors (subscriber, #95769)
In reply to: Soller: Real hardware breakthroughs, and focusing on rustc by anton
Parent article: Soller: Real hardware breakthroughs, and focusing on rustc

> Finally, if one routine in a library has a vulnerability, that vulnerability can only ever be used by an attacker if the program actually calls it, no matter how the routine was linked. And if the program calls it, it will certainly be there even with static linking.

That's true, though I think unused code (whether vulnerable or not) can still be useful in exploits when there is a vulnerability in the actively-used parts of the program. A buffer overflow bug might allow a ROP attack, but the attacker needs to find suitable ROP gadgets somewhere in the process's address space. And some Spectre variants trick the CPU into speculatively executing code at attacker-controlled addresses, but that code must contain a gadget to exfiltrate data from the speculative world. If the application is statically linked and the dead code is removed, it becomes harder for an attacker to find suitable gadgets. (But in practice I guess this is only significant for small applications that use large libraries; if it's a large application then it'll probably have enough gadgets already.)



