|
|
|
|
|
|
by fweimer
176 days ago
|
|
|
These approaches can only detect linear overflows deterministically. Use-after-frees (temporal safety violations) are only detected with some probability. It's mostly a debugging tool. And MTE requires special firmware, which is usually not available in the cloud because the tag memory reservation is a boot-time decision. |
|
|
It is kind of interesting how all attempts to improve security are akin to arguing about usefulness of seatbelts when people still die wearing them.