| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Nov 2019 11:58:00 -0500
From: "Theodore Y. Ts'o" <tytso@....edu>
To: Jann Horn <jannh@...gle.com>
Cc: "Michael Kerrisk (man-pages)" <mtk.manpages@...il.com>,
Christian Brauner <christian.brauner@...ntu.com>,
Florian Weimer <fweimer@...hat.com>,
Christian Brauner <christian@...uner.io>,
lkml <linux-kernel@...r.kernel.org>,
linux-man <linux-man@...r.kernel.org>,
Kees Cook <keescook@...omium.org>,
Oleg Nesterov <oleg@...hat.com>, Arnd Bergmann <arnd@...db.de>,
David Howells <dhowells@...hat.com>,
Pavel Emelyanov <xemul@...tuozzo.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Adrian Reber <adrian@...as.de>,
Andrei Vagin <avagin@...il.com>,
Linux API <linux-api@...r.kernel.org>,
Ingo Molnar <mingo@...e.hu>
Subject: Re: For review: documentation of clone3() system call
On Mon, Nov 11, 2019 at 03:55:35PM +0100, Jann Horn wrote:
> Not on Linux, but on OpenBSD, they do use MAP_STACK now AFAIK; this
> was announced here:
> <http://openbsd-archive.7691.n7.nabble.com/stack-register-checking-td338238.html>.
> Basically they periodically check whether the userspace stack pointer
> points into a MAP_STACK region, and if not, they kill the process. So
> even if it's a no-op on Linux...
Hmm, is that something we should do in Linux? Even if we only check
on syscall entry, which should be pretty inexpensive, it seems like it
would be very effective in protecting various ROP techniques.
- Ted
Powered by blists - more mailing lists