author    Brian Gianforcaro <bgianf@serenityos.org>  2021-07-25 13:14:20 -0700
committer Ali Mohammad Pur <Ali.mpfard@gmail.com>    2021-07-26 13:08:37 +0430
commit    c95ac833670bff99eb7dcd63953d64a5463e1c4e (patch)
tree      fcfff39c5a8195374e999ee783bee50d1fac9ed5 /Base/usr/share
parent    5e87c798d2398ce033e43c7e616001612f025824 (diff)
Base: Mitigations(7) add -fzero-call-used-regs and Process Protection
Update the man page to describe more mitigations that we have applied.
Diffstat (limited to 'Base/usr/share')
-rw-r--r--  Base/usr/share/man/man7/Mitigations.md  34
1 files changed, 34 insertions, 0 deletions
diff --git a/Base/usr/share/man/man7/Mitigations.md b/Base/usr/share/man/man7/Mitigations.md
index 9e0b86d93b..a4010dd881 100644
--- a/Base/usr/share/man/man7/Mitigations.md
+++ b/Base/usr/share/man/man7/Mitigations.md
@@ -237,6 +237,40 @@ Date: Fri Jan 1 15:27:42 2021 -0800
Build + LibC: Enable -fstack-protector-strong in user space
```
+### Protected Kernel Process Data
+
+The kernel applies a exploit mitigation technique where vulnerable data
+related to the state of a process is separated out into it's own region
+in memory which is always remmaped as read-only after it's initialized
+or updated. This means that an attacker needs more than an arbitrary
+kernel write primitive to be able to elevate a process to root for example.
+
+It was first enabled in the following [commit](https://github.com/SerenityOS/serenity/commit/cbcf891040e9921ff628fdda668c9738f358a178):
+```
+commit cbcf891040e9921ff628fdda668c9738f358a178
+Author: Andreas Kling <kling@serenityos.org>
+Date: Wed Mar 10 19:59:46 2021 +0100
+
+Kernel: Move select Process members into protected memory
+```
+
+### -fzero-call-used-regs
+
+GCC-11 added a new option `-fzero-call-used-regs` which causes the
+compiler to zero function arguments before return of a function. The
+goal being to reduce the possible attack surface by disarming ROP
+gadgets that might be potentially useful to attackers, and reducing
+the risk of information leaks via stale register data.
+
+It was first enabled when compiling the Kernel in the following [commit](https://github.com/SerenityOS/serenity/commit/204d5ff8f86547a8b100cf26a958aaabf49211f2):
+
+```
+commit 204d5ff8f86547a8b100cf26a958aaabf49211f2
+Author: Brian Gianforcaro <bgianf@serenityos.org>
+Date: Fri Jul 23 00:42:54 2021 -0700
+
+Kernel: Reduce useful ROP gadgets by zeroing used function registers
+```
## See also
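Review bot: the `-fzero-call-used-regs` paragraph ("causes the compiler to zero function arguments before return of a function") misdescribes the option: it zeroes call-used (caller-saved) registers at function return, with the register set selected by a required `=choice` value (`used-gpr`, `all-gpr`, `used-arg`, `used`, `all`, and so on), not the function's arguments; since the commit title quoted below says "zeroing used function registers", the man page should spell the flag with the value actually passed to the kernel build, for example `-fzero-call-used-regs=used-gpr` if that is what was chosen, and say that the compiler zeroes the call-used registers the function wrote before it returns. In the "Protected Kernel Process Data" paragraph, "a exploit", "it's own region" and "after it's initialized" should read "an exploit", "its own region" and "after it is initialized", and "remmaped" should be "remapped".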