diff options
author | Brian Gianforcaro <bgianf@serenityos.org> | 2021-07-25 13:14:20 -0700 |
---|---|---|
committer | Ali Mohammad Pur <Ali.mpfard@gmail.com> | 2021-07-26 13:08:37 +0430 |
commit | c95ac833670bff99eb7dcd63953d64a5463e1c4e (patch) | |
tree | fcfff39c5a8195374e999ee783bee50d1fac9ed5 /Base/usr/share | |
parent | 5e87c798d2398ce033e43c7e616001612f025824 (diff) | |
download | serenity-c95ac833670bff99eb7dcd63953d64a5463e1c4e.zip |
Base: Mitigations(7) add -fzero-call-used-regs and Process Protection
Update the man page to describe more mitigations that we have applied.
Diffstat (limited to 'Base/usr/share')
-rw-r--r-- | Base/usr/share/man/man7/Mitigations.md | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/Base/usr/share/man/man7/Mitigations.md b/Base/usr/share/man/man7/Mitigations.md index 9e0b86d93b..a4010dd881 100644 --- a/Base/usr/share/man/man7/Mitigations.md +++ b/Base/usr/share/man/man7/Mitigations.md @@ -237,6 +237,40 @@ Date: Fri Jan 1 15:27:42 2021 -0800 Build + LibC: Enable -fstack-protector-strong in user space ``` +### Protected Kernel Process Data + +The kernel applies a exploit mitigation technique where vulnerable data +related to the state of a process is separated out into it's own region +in memory which is always remmaped as read-only after it's initialized +or updated. This means that an attacker needs more than an arbitrary +kernel write primitive to be able to elevate a process to root for example. + +It was first enabled in the following [commit](https://github.com/SerenityOS/serenity/commit/cbcf891040e9921ff628fdda668c9738f358a178): +``` +commit cbcf891040e9921ff628fdda668c9738f358a178 +Author: Andreas Kling <kling@serenityos.org> +Date: Wed Mar 10 19:59:46 2021 +0100 + +Kernel: Move select Process members into protected memory +``` + +### -fzero-call-used-regs + +GCC-11 added a new option `-fzero-call-used-regs` which causes the +compiler to zero function arguments before return of a function. The +goal being to reduce the possible attack surface by disarming ROP +gadgets that might be potentially useful to attackers, and reducing +the risk of information leaks via stale register data. + +It was first enabled when compiling the Kernel in the following [commit](https://github.com/SerenityOS/serenity/commit/204d5ff8f86547a8b100cf26a958aaabf49211f2): + +``` +commit 204d5ff8f86547a8b100cf26a958aaabf49211f2 +Author: Brian Gianforcaro <bgianf@serenityos.org> +Date: Fri Jul 23 00:42:54 2021 -0700 + +Kernel: Reduce useful ROP gadgets by zeroing used function registers +``` ## See also |