Date:      Tue, 16 Oct 2001 21:14:50 -0400 (EDT)
From:      Mike Heffner <mheffner@vt.edu>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        audit@FreeBSD.org
Subject:   Re: [art@cvs.openbsd.org: CVS: cvs.openbsd.org: src]
Message-ID:  <XFMail.20011016211450.mheffner@vt.edu>
In-Reply-To: <20010818190339.A76832@xor.obsecurity.org>



On 19-Aug-2001 Kris Kennaway wrote:
| Anyone up for porting this?

Ok, I've tried to take a stab at this. However, not having much kernel
experience, I'm not too sure about this. How does the following look?

P.S. What's the best place to document this type of sysctl?


Index: kern_exec.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_exec.c,v
retrieving revision 1.141
diff -u -r1.141 kern_exec.c
--- kern_exec.c 2001/10/10 23:06:53     1.141
+++ kern_exec.c 2001/10/17 01:14:08
@@ -83,6 +83,16 @@
 SYSCTL_INT(_kern, OID_AUTO, ps_argsopen, CTLFLAG_RW, &ps_argsopen, 0, "");
 
 /*
+ * Control whether a random gap is added to the stack, the gap is
calculated
+ * with the following formula:
+ *     arc4random() & (stackgap_width - 1)
+ * If stackgap_width is less than or equal to zero, no gap is added.
+ */
+int stackgap_width;
+SYSCTL_INT(_kern, OID_AUTO, stackgap_width, CTLFLAG_RW, &stackgap_width,
0,
+    "");
+
+/*
  * Each of the items is a pointer to a `const struct execsw', hence the
  * double pointer here.
  */
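
Review bot: The new comment above stackgap_width does not say that the value has to be a power of two, and the SYSCTL_INT description string is left as "". With the documented formula arc4random() & (stackgap_width - 1), any other value gives a mask with cleared bits, so some gap sizes can never occur; the forwarded OpenBSD log states the same constraint for kern.stackgap_random. Suggest stating the power-of-two requirement and the unit of the gap in the comment, and putting a one-line summary in the description string. The added lines are also wrapped by the mailer ("calculated" and "0," sit on lines of their own), so the patch will not apply as posted.
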
@@ -691,7 +701,7 @@
        char *stringp, *destp;
        register_t *stack_base;
        struct ps_strings *arginfo;
-       int szsigcode;
+       int sgap, szsigcode;
 
        /*
         * Calculate string base and vector table pointers.
@@ -710,6 +720,14 @@
                        ((caddr_t)arginfo - szsigcode), szsigcode);
 
        /*
+        * Calculate a random stack gap no larger than stackgap_width.
+        */
+       if (stackgap_width > 0)
+               sgap = arc4random() & (stackgap_width - 1);
+       else
+               sgap = 0;
+
+       /*
         * If we have a valid auxargs ptr, prepare some room
         * on the stack.
         */
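
Review bot: sgap is computed from whatever integer is currently in stackgap_width, with no check that it is a power of two and no upper limit. A CTLFLAG_RW SYSCTL_INT accepts any int, so a value such as 1000 yields the mask 999 and a skewed set of gaps, and a very large value yields a gap that is later multiplied by sizeof(char *) with no check, in the lines shown, against the space available on the new stack. Suggest validating on write (reject or round down to a power of two, and clamp to a maximum) so that this code can trust the value.
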
@@ -725,8 +743,8 @@
                 * the arg and env vector sets,and imgp->auxarg_size is
room
                 * for argument of Runtime loader.
                 */
-               vectp = (char **) (destp - (imgp->argc + imgp->envc + 2 +
-                                      imgp->auxarg_size) * sizeof(char
*));
+               vectp = (char **) (destp - (sgap + imgp->argc + imgp->envc
+
+                                      2 + imgp->auxarg_size) *
sizeof(char *));
 
        } else 
                /*
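
Review bot: sgap is added inside the count that is multiplied by sizeof(char *), so the gap is measured in pointer-sized slots rather than bytes, and only vectp moves; destp is left where it was. That keeps vectp pointer-aligned, but it means stackgap_width = 1024 is a gap of up to 1023 * sizeof(char *) bytes, and whatever is stored at destp and above keeps the same address on every exec. If that is intended, say so in the comment; if the intent is to shift everything, the gap has to be applied before destp is computed.
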
@@ -734,7 +752,8 @@
                 * the arg and env vector sets
                 */
                vectp = (char **)
-                       (destp - (imgp->argc + imgp->envc + 2) *
sizeof(char *));
+                       (destp - (sgap + imgp->argc + imgp->envc + 2) *
+                           sizeof(char *));
 
        /*
         * vectp also becomes our initial stack base
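
Review bot: the same sgap term is now repeated in both branches of the if/else, here and in the auxargs case above. Consider applying it once, for example by subtracting sgap * sizeof(char *) from vectp after the if/else, so the two existing expressions stay untouched and cannot drift apart. The trailing context says vectp also becomes the initial stack base, so it is worth confirming that nothing later assumes the vectors sit directly below destp.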




| ----- Forwarded message from Artur Grabowski <art@cvs.openbsd.org> -----
| 
| Delivered-To: kkenn@localhost.obsecurity.org
| Delivered-To: kris@freebsd.org
| Date: Fri, 17 Aug 2001 21:32:16 -0600 (MDT)
| From: Artur Grabowski <art@cvs.openbsd.org>
| To: source-changes@cvs.openbsd.org
| Subject: CVS: cvs.openbsd.org: src
| Precedence: bulk
| Reply-To: Artur Grabowski <art@cvs.openbsd.org>
| X-Loop: source-changes@openbsd.org
| X-UIDL: 2307983f1074b8429d691305aa7c6c5c
| 
| CVSROOT:      /cvs
| Module name:  src
| Changes by:   art@cvs.openbsd.org     2001/08/17 21:32:16
| 
| Modified files:
|       sys/kern       : kern_exec.c kern_sysctl.c 
|       sys/sys        : sysctl.h 
|       lib/libc/gen   : sysctl.3 
|       sbin/sysctl    : sysctl.8 
| 
| Log message:
| Add a possibility to add a random offset to the stack on exec. This makes
| it slightly harder to write generic buffer overflows. This doesn't really
| give any real security, but it raises the bar for script-kiddies and it's
| really cheap.
| 
| The range of the random offsets is controlled by the sysctl
| kern.stackgap_random (must be a power of 2).
| 
| This is disabled by default right now, but we'll set it to a reasonable value
| (1024?) soon, after some more testing.
| 
| 
| 
| ----- End forwarded message -----


Mike

-- 
  Mike Heffner     <mheffner@[acm.]vt.edu>
  Blacksburg, VA       <mikeh@FreeBSD.org>
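
The "must be a power of 2" constraint from the forwarded log, worked through for the masking formula in the patch; this is an added example, not part of the original message or of the FreeBSD or OpenBSD source. The helper names and the sample widths 1000 and 1024 are assumptions made for illustration, and the random word is passed in as a parameter so the results are reproducible.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: the gap formula from the patch, rnd standing in
 * for the value arc4random() would return. */
static uint32_t gap_from_random(uint32_t rnd, int width)
{
    if (width <= 0)
        return 0;
    return rnd & (uint32_t)(width - 1);
}

/* A width is usable as-is only if width - 1 is a solid run of 1 bits. */
static int is_pow2(int width)
{
    return width > 0 && (width & (width - 1)) == 0;
}

/* Distinct gaps the mask can ever produce: 2^(number of 1 bits in mask). */
static uint32_t reachable_gaps(int width)
{
    uint32_t mask, n = 1;

    if (width <= 0)
        return 1;               /* only gap 0 */
    for (mask = (uint32_t)(width - 1); mask != 0; mask >>= 1)
        if (mask & 1)
            n <<= 1;
    return n;
}

/* One possible validation policy: round down to a power of two. */
static int round_down_pow2(int width)
{
    int p = 1;

    if (width <= 0)
        return 0;
    while (p <= width / 2)
        p *= 2;
    return p;
}

int main(void)
{
    int widths[] = { 1000, 1024 };      /* constructed sample values */
    for (int i = 0; i < 2; i++)
        printf("width %d: pow2=%d reachable=%u rounded=%d\n", widths[i],
            is_pow2(widths[i]), reachable_gaps(widths[i]),
            round_down_pow2(widths[i]));
    return 0;
}
```

With a width of 1000 the mask is 999 (binary 1111100111), so bits 3 and 4 of the gap are always zero and only 256 of the 1000 nominal values can occur.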

