Patches introduced to randomize Linux kernel stack addresses for system calls

Kees Cook, former chief system administrator of kernel.org and leader of the Ubuntu Security Team, who now works at Google on securing Android and ChromeOS, has published a set of patches that randomize offsets in the kernel stack when system calls are handled. The patches improve kernel security by changing where the stack is placed, which makes attacks against the stack considerably harder and less likely to succeed. The initial implementation supports ARM64 and x86/x86_64 processors.

The original idea for the patch comes from the PaX RANDKSTACK project. In 2019, Elena Reshetova, an engineer at Intel, tried to produce an implementation of this idea suitable for inclusion in the mainline Linux kernel. The initiative was later taken up by Kees Cook, who presented an implementation suitable for the mainline kernel. The patches are planned for inclusion in the 5.13 release. The mode will be disabled by default. To enable it, the kernel command-line parameter "randomize_kstack_offset=on/off" and the CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT setting are proposed. The overhead of enabling the mode is estimated at roughly a 1% performance loss.

The essence of the proposed protection is to choose a random stack offset for every system call, which makes it hard to determine the stack layout in memory even after address data has been obtained, because the next system call changes the base address of the stack. Unlike the PaX RANDKSTACK implementation, the patches proposed for the kernel perform the randomization not at the initial stage (cpu_current_top_of_stack) but after the pt_regs structure has been set up, which makes it impossible to use ptrace-based methods to determine the randomized offset during a long-running system call.
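The effect described above can be reproduced in user space. The following is an added example, not code from the patches: `syscall_entry`, `handler`, `survey`, the xorshift generator and the 0x3FF offset bound are assumptions made for this simulation, which shows that a handler frame address observed in one call no longer holds for the next call once a per-call offset is applied.

```c
#include <alloca.h>
#include <stdint.h>
#include <stdio.h>

#define OFFSET_MASK 0x3FFu /* assumed bound for this demo: offsets below 1 KiB */
#define CALLS 64

static uint32_t rng_state = 0x2545F491u; /* constructed seed */

/* xorshift32: stand-in entropy source for the demo, not the kernel's. */
static uint32_t next_random(void) {
    rng_state ^= rng_state << 13; rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return rng_state;
}

/* Stand-in for a syscall handler: records where its own frame landed. */
__attribute__((noinline)) static void handler(uintptr_t *out) {
    volatile char local = 0;
    *out = (uintptr_t)&local;
}

/* Stand-in for syscall entry: shift the stack pointer, then run the handler. */
__attribute__((noinline)) static uintptr_t syscall_entry(int randomize) {
    size_t offset = randomize ? (next_random() & OFFSET_MASK) : 0;
    volatile char *pad = alloca(offset + 1); /* lowers SP by about `offset` */
    uintptr_t addr;
    pad[0] = 0; /* keep the allocation from being optimized away */
    handler(&addr);
    return addr;
}

/* Run CALLS simulated syscalls. Returns the number of distinct handler frame
 * addresses and stores the highest-minus-lowest address in *spread. */
static int survey(int randomize, uintptr_t *spread) {
    uintptr_t seen[CALLS], lo = UINTPTR_MAX, hi = 0;
    int distinct = 0;
    for (int i = 0; i < CALLS; i++) {
        uintptr_t a = syscall_entry(randomize);
        int dup = 0;
        for (int j = 0; j < distinct; j++) dup |= (seen[j] == a);
        if (!dup) seen[distinct++] = a;
        if (a < lo) lo = a;
        if (a > hi) hi = a;
    }
    *spread = hi - lo;
    return distinct;
}

int main(void) {
    uintptr_t s0, s1;
    int d0 = survey(0, &s0), d1 = survey(1, &s1);
    printf("fixed: %d distinct, spread %lu; randomized: %d distinct, spread %lu\n",
           d0, (unsigned long)s0, d1, (unsigned long)s1);
    return 0;
}
```

Without the offset every call reports the same frame address; with it the addresses scatter across a window of about 1 KiB, in steps of the stack alignment.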

Source: opennet.ru
