How would've memory safety helped here?
Because “Page-cache write into any readable file” is a memory safety bug? All of these recent Linux LPEs are memory safety issues.
In CHERI, for example, pointers have permissions. The pointer to the COW memory would not have the "write" permission.
I could be misunderstanding the bug, of course.
If you "forget" to mark COW memory pointer as no-write, the net effect would be same, would it not? If I'm reading the diff correctly, the problem was that code missed to mark some pages as shared (aka no-write).
A fair point...
I thought the bug was a missing check for the COW flag, but looking at it again it seems it was missing both setting and checking the flag.
Apparently it is both...
Because “Page-cache write into any readable file” is a memory safety bug? All of these recent Linux LPEs are memory safety issues.
In CHERI, for example, pointers have permissions. The pointer to the COW memory would not have the "write" permission.
I could be misunderstanding the bug, of course.
If you "forget" to mark COW memory pointer as no-write, the net effect would be same, would it not? If I'm reading the diff correctly, the problem was that code missed to mark some pages as shared (aka no-write).
A fair point...
I thought the bug was a missing check for the COW flag, but looking at it again it seems it was missing both setting and checking the flag.
Apparently it is both...