Patches introduced to randomize Linux kernel stack addresses for system calls

Kees Cook, former chief system administrator of kernel.org and leader of the Ubuntu Security Team, who now works at Google on securing Android and ChromeOS, has published a set of patches that randomize offsets in the kernel stack when system calls are processed. The patches improve kernel security by changing where the stack is placed, which makes attacks on the stack much harder and less likely to succeed. The initial implementation supports ARM64 and x86/x86_64 processors.

The original idea behind the patch belongs to the PaX RANDKSTACK project. In 2019, Elena Reshetova, an engineer at Intel, tried to create an implementation of this idea suitable for inclusion in the mainline Linux kernel. The initiative was later taken up by Kees Cook, who presented an implementation suitable for the mainline kernel. The patches are planned for inclusion in the 5.13 release. The mode will be disabled by default. To enable it, the kernel command line parameter "randomize_kstack_offset=on/off" and the CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT setting are proposed. The overhead of enabling the mode is estimated at approximately 1% performance loss.

The essence of the proposed protection is to choose a random stack offset for every system call. This makes it difficult to determine the stack layout in memory even after address information has leaked, because the next system call changes the base address of the stack. Unlike the PaX RANDKSTACK implementation, in the patches proposed for inclusion in the kernel the randomization is performed not at the initial stage (cpu_current_top_of_stack) but after the pt_regs structure has been set up, which makes it impossible to use ptrace-based methods to determine the randomized offset during a long-running system call.
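The effect described above can be reproduced in userspace. The following is an added example, not code from the patches or from the kernel: the fixed part of the frame is set up first, then the stack is pushed down by a fresh random amount before the call body runs, so the body's frame lands at a different address on each call. The names `enter`, `handler`, `distinct_frames`, the `OFFSET_MASK` range and the xorshift generator are assumptions made for the demonstration.

```c
/* Userspace analogy of per-call stack offset randomization.
 * Constructed demo, not kernel code; the mask and PRNG are assumptions. */
#include <alloca.h>
#include <stdint.h>
#include <stdio.h>

#define OFFSET_MASK 0x3F0u   /* assumed range: 0..1008 bytes in 16-byte steps */
#define MAX_CALLS   64
static uint32_t prng_state = 0x12345678u;  /* fixed seed: reproducible demo only */

/* xorshift32 stands in for the kernel's entropy source (assumption). */
static uint32_t next_random(void) {
    uint32_t x = prng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return prng_state = x;
}

/* Plays the system call body: reports where its stack frame landed. */
__attribute__((noinline)) static uintptr_t handler(void) {
    return (uintptr_t)__builtin_frame_address(0);
}

/* Plays syscall entry: the fixed part of the frame is already in place,
 * then the stack is pushed down by a fresh random amount before the body runs. */
__attribute__((noinline)) static uintptr_t enter(int randomize) {
    if (randomize) {
        char *pad = alloca(next_random() & OFFSET_MASK);
        __asm__ volatile("" : : "r"(pad) : "memory");  /* keep the alloca alive */
    }
    volatile uintptr_t frame = handler();  /* volatile blocks a tail call */
    return frame;
}

/* Number of distinct handler frame addresses seen over n calls (n <= MAX_CALLS). */
size_t distinct_frames(int randomize, size_t n) {
    uintptr_t seen[MAX_CALLS];
    size_t count = 0;
    if (n > MAX_CALLS) n = MAX_CALLS;
    for (size_t i = 0; i < n; i++) {
        uintptr_t a = enter(randomize);
        size_t j = 0;
        while (j < count && seen[j] != a) j++;   /* linear search is fine for 64 */
        if (j == count) seen[count++] = a;
    }
    return count;
}

int main(void) {
    printf("fixed: %zu distinct frames, randomized: %zu distinct frames\n",
           distinct_frames(0, MAX_CALLS), distinct_frames(1, MAX_CALLS));
}
```

Without the random padding every call sees the same frame address, so one leaked stack address stays valid for later calls; with it, an address learned during one call no longer describes the next.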

Source: opennet.ru
