Date:   Mon, 8 Apr 2019 09:21:19 -0700
From:   Kees Cook <keescook@...omium.org>
To:     "Reshetova, Elena" <elena.reshetova@...el.com>
Cc:     Josh Poimboeuf <jpoimboe@...hat.com>,
        "luto@...nel.org" <luto@...nel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "luto@...capital.net" <luto@...capital.net>,
        "jannh@...gle.com" <jannh@...gle.com>,
        "Perla, Enrico" <enrico.perla@...el.com>,
        "mingo@...hat.com" <mingo@...hat.com>,
        "bp@...en8.de" <bp@...en8.de>,
        "tglx@...utronix.de" <tglx@...utronix.de>,
        "peterz@...radead.org" <peterz@...radead.org>,
        "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>
Subject: Re: [PATCH] x86/entry/64: randomize kernel stack offset upon syscall

On Mon, Apr 8, 2019 at 6:31 AM Reshetova, Elena
<elena.reshetova@...el.com> wrote:
> Originally I was thinking that in-stack randomization makes sense
> only for x86_64, since this is what VMAP stack on x86 depends on.
> Without VMAP stack and guard pages, there are easier ways to attack,
> so hardening there does not really make that much sense IMO.
> However the 32 emulation case is interesting, I didn't think of it before.
> I guess if it uses VMAP-based stack, then we should support these calls also
> with in-stack randomization.

I think there's value in the non-VMAP-stack case: e.g. if the target
is "uninitialized" values, repeated syscalls will make targeting the
area less robust. (Though one would hope anyone using stack offset
randomization would also be using one of the various "always
initialize" options too...)

-- 
Kees Cook

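The point Kees makes above, that a random per-syscall stack offset makes the address of an "uninitialized" stack slot move between calls, can be seen in a small user-space simulation. The following is an added example, not kernel code and not from the patch under discussion: it stands in for the entry path with a `__builtin_alloca` pad before the "syscall body", uses a constructed, seeded xorshift generator in place of a real entropy source, and the `KSTACK_OFFSET_BITS` value and all function names are assumptions made for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simulated "syscall body": the routine whose stack frame is of interest.
 * The local is deliberately left uninitialised; only its address is taken,
 * never its value, and noinline keeps it in a real frame of its own. */
__attribute__((noinline)) static uintptr_t syscall_body(void)
{
    volatile unsigned long uninit_slot;
    return (uintptr_t)&uninit_slot;
}

/* Simulated entry path: consume `offset` bytes of stack before running the
 * body, so the body's frame (and its uninitialised slot) shifts down by that
 * amount. The first empty asm keeps the compiler from discarding the alloca
 * as unused; the second prevents a tail call, which would pop the pad before
 * the body ran. Returns the slot's address for this invocation. */
__attribute__((noinline)) uintptr_t probe_slot(size_t offset)
{
    char *pad = __builtin_alloca(offset);
    __asm__ volatile("" : : "r"(pad) : "memory");
    uintptr_t addr = syscall_body();
    __asm__ volatile("" : : : "memory");
    return addr;
}

/* Constructed, deterministic "entropy" source (xorshift32), seeded so the
 * demo is repeatable. A real entry path would read actual randomness. */
static uint32_t rng_state = 0x2545F491u;

static uint32_t next_random(void)
{
    uint32_t x = rng_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    rng_state = x;
    return x;
}

/* Derive a per-call offset from a few random bits, scaled by 16 to keep the
 * stack aligned. KSTACK_OFFSET_BITS is an assumed value for this demo. */
#define KSTACK_OFFSET_BITS 6
static size_t random_offset(void)
{
    return (size_t)(next_random() & ((1u << KSTACK_OFFSET_BITS) - 1)) * 16;
}

/* Run `calls` simulated syscalls from one call site and count the distinct
 * slot addresses observed. With randomize == 0 the slot lands at the same
 * address every time; with randomize != 0 the count grows with the calls. */
int distinct_slot_addresses(int calls, int randomize)
{
    uintptr_t seen[256];
    int n = 0;

    if (calls > 256)
        calls = 256;
    for (int i = 0; i < calls; i++) {
        uintptr_t a = probe_slot(randomize ? random_offset() : 0);
        int dup = 0;
        for (int j = 0; j < n; j++) {
            if (seen[j] == a) {
                dup = 1;
                break;
            }
        }
        if (!dup)
            seen[n++] = a;
    }
    return n;
}

int main(void)
{
    printf("fixed offset:      %d distinct slot address(es) over 32 calls\n",
           distinct_slot_addresses(32, 0));
    printf("randomized offset: %d distinct slot address(es) over 32 calls\n",
           distinct_slot_addresses(32, 1));
    return 0;
}
```

Compile with gcc or clang (the `__builtin_alloca`, `__asm__` and `noinline` attribute are compiler extensions). The fixed-offset run reports a single address, which is what makes a stale or uninitialized slot a stable target; the randomized run reports many, which is the effect the reply describes for the non-VMAP-stack case. It also illustrates Kees's parenthetical: randomizing the location is a complement to, not a substitute for, initialising the slot in the first place.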