Re: For review: documentation of clone3() system call

From: Jann Horn
Date: Mon Nov 11 2019 - 15:25:02 EST


On Mon, Nov 11, 2019 at 5:58 PM Theodore Y. Ts'o <tytso@xxxxxxx> wrote:
> On Mon, Nov 11, 2019 at 03:55:35PM +0100, Jann Horn wrote:
> > Not on Linux, but on OpenBSD, they do use MAP_STACK now AFAIK; this
> > was announced here:
> > <http://openbsd-archive.7691.n7.nabble.com/stack-register-checking-td338238.html>.
> > Basically they periodically check whether the userspace stack pointer
> > points into a MAP_STACK region, and if not, they kill the process. So
> > even if it's a no-op on Linux...
>
> Hmm, is that something we should do in Linux? Even if we only check
> on syscall entry, which should be pretty inexpensive, it seems like it
> would be very effective in protecting various ROP techniques.

I'm not a big fan, especially if that would only happen on syscall
entry; at the point where you have enough control to perform syscalls,
it probably isn't too difficult to move your ROP stack over to a
legitimate stack.
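Added example, not Jann's code and not kernel code from OpenBSD or Linux: a small C model of the stack-register check the thread describes (is the userspace stack pointer inside a MAP_STACK region at syscall entry?) and of the evasion Jann points out (copying the ROP chain onto a legitimate stack before the syscall). The region table, the `syscall_entry_check` hook, the chain layout and every address are assumptions for illustration; the real OpenBSD check runs inside the kernel against the process's actual MAP_STACK mappings.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model of "stack register checking" (illustration only).
 * Everything here is an assumption: the kernel's real bookkeeping is
 * its VM map, not this array. */

#define MAX_STACKS 8

struct region { uintptr_t start, end; }; /* half-open: [start, end) */

static struct region stack_regions[MAX_STACKS];
static size_t nstacks;

/* Models mmap(..., MAP_STACK): remember the range as a stack. */
int register_stack(uintptr_t start, size_t len)
{
    if (nstacks == MAX_STACKS || len == 0 || start + len < start)
        return -1;
    stack_regions[nstacks].start = start;
    stack_regions[nstacks].end = start + len;
    nstacks++;
    return 0;
}

/* Models munmap() of a MAP_STACK range: forget it again. */
void unregister_stack(uintptr_t start)
{
    for (size_t i = 0; i < nstacks; i++) {
        if (stack_regions[i].start == start) {
            stack_regions[i] = stack_regions[--nstacks];
            return;
        }
    }
}

/* The check itself: does sp point into a registered stack region? */
int sp_is_legit(uintptr_t sp)
{
    for (size_t i = 0; i < nstacks; i++)
        if (sp >= stack_regions[i].start && sp < stack_regions[i].end)
            return 1;
    return 0;
}

/* Models the syscall-entry hook: 0 = let the syscall proceed,
 * -1 = kill the process (what the thread describes OpenBSD doing). */
int syscall_entry_check(uintptr_t sp)
{
    return sp_is_legit(sp) ? 0 : -1;
}

/* Models a ROP chain of three gadgets living at chain_base, with the
 * stack pointer sitting just past them when the syscall gadget fires.
 * Returns the verdict of the syscall-entry check at that moment. */
int run_chain_from(uintptr_t chain_base)
{
    uintptr_t sp = chain_base + 3 * sizeof(uintptr_t);
    return syscall_entry_check(sp);
}

int main(void)
{
    /* Constructed addresses for the demo. */
    uintptr_t stack_base = 0x7ffc00000000ULL;
    uintptr_t heap_base  = 0x5555550000ULL;
    register_stack(stack_base, 0x20000);

    /* 1. Chain on the heap after a stack pivot: caught at syscall entry. */
    printf("heap chain:  %s\n",
           run_chain_from(heap_base) ? "killed" : "allowed");

    /* 2. Same chain copied onto the legitimate stack first, as Jann
     *    describes: the syscall-entry check has nothing to object to. */
    printf("stack chain: %s\n",
           run_chain_from(stack_base + 0x1000) ? "killed" : "allowed");
    return 0;
}
```

The second case is the whole of Jann's objection: a check that only fires at syscall entry constrains where sp is at that instant, not where the chain came from, so an attacker who can already reach a syscall can first place the chain (or its tail) inside a real stack mapping.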