summaryrefslogtreecommitdiff
path: root/Base/usr/share
diff options
context:
space:
mode:
authorBen Wiederhake <BenWiederhake.GitHub@gmx.de>2021-11-06 15:15:10 +0100
committerLinus Groh <mail@linusgroh.de>2021-11-11 12:50:18 +0000
commita59fc324bd14040cc7b4f1973714879b2a1936ac (patch)
tree20e4ae6d17551c8438702040373375cd11b6c21e /Base/usr/share
parentf2ce751a32b506ff60a23d30f09f2cef7c7ded76 (diff)
downloadserenity-a59fc324bd14040cc7b4f1973714879b2a1936ac.zip
Base: Document readonly atexit mitigation
Diffstat (limited to 'Base/usr/share')
-rw-r--r--Base/usr/share/man/man7/Mitigations.md23
1 files changed, 23 insertions, 0 deletions
diff --git a/Base/usr/share/man/man7/Mitigations.md b/Base/usr/share/man/man7/Mitigations.md
index 6bffc7200c..d02378ff3d 100644
--- a/Base/usr/share/man/man7/Mitigations.md
+++ b/Base/usr/share/man/man7/Mitigations.md
@@ -74,6 +74,29 @@ Date: Mon Jan 20 22:12:04 2020 +0100
Kernel: Add a basic implementation of unveil()
```
+### Readonly atexit
+
+[Readonly atexit](https://isopenbsdsecu.re/mitigations/atexit_hardening/) is a mitigation originating from OpenBSD.
+Thanks to it, an attacker can no longer use the atexit region to escalate from arbitrary-write to code-execution.
+
+It was first added in the following [commit](https://github.com/SerenityOS/serenity/commit/553361d83f7bc6499dc4821eff9b23a6549bd99c),
+and was later [improved](https://github.com/SerenityOS/serenity/commit/fb003d71c2becf0b3ea148aad08642e5a7ea35bc)
+to incur no additional cost during program initialization and finalization:
+
+```
+commit 553361d83f7bc6499dc4821eff9b23a6549bd99c
+Author: Andreas Kling <kling@serenityos.org>
+Date: Sat Jan 30 10:34:41 2021 +0100
+
+LibC: Protect the atexit() handler list when not writing to it
+
+Remap the list of atexit handlers as read-only while we're not actively
+writing to it. This prevents an attacker from using a memory write
+primitive to gain code execution via the atexit list.
+
+This is based on a technique used in OpenBSD. :^)
+```
+
### Syscall call-from verification
[Syscall call-from verification](https://marc.info/?l=openbsd-tech&m=157488907117170&w=2) is