Patches introduced to randomize Linux kernel stack addresses for system calls

Kees Cook, former chief system administrator of kernel.org and leader of the Ubuntu Security Team, now working at Google on securing Android and ChromeOS, has published a set of patches that randomize offsets in the kernel stack when handling system calls. The patches improve kernel security by changing the placement of the stack, which makes attacks on the stack considerably harder and less likely to succeed. The initial implementation supports ARM64 and x86/x86_64 processors.

The original idea for the patch belongs to the PaX RANDKSTACK project. In 2019, Elena Reshetova, an engineer at Intel, tried to create an implementation of this idea suitable for inclusion in the mainline Linux kernel. The initiative was later picked up by Kees Cook, who presented an implementation suitable for the mainline kernel. The patches are planned for inclusion in the 5.13 release. The mode will be disabled by default. To enable it, the kernel command line parameter "randomize_kstack_offset=on/off" and the CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT setting are proposed. The overhead of enabling the mode is estimated at approximately 1% performance loss.

The essence of the proposed protection is to choose a random stack offset for every system call, which makes it harder to determine the stack layout in memory even after address information has been obtained, because the next system call will change the base address of the stack. Unlike the PaX RANDKSTACK implementation, in the patches proposed for inclusion in the kernel the randomization is performed not at the initial stage (cpu_current_top_of_stack) but after the pt_regs structure has been set up, which makes it impossible to use ptrace-based methods to determine the randomized offset during a long-running system call.
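To audit a host for this setting, the two knobs named above can be combined into one effective state. The following is an added example, not code from the patch set. It assumes the boot parameter overrides the build-time default, that the last occurrence of a repeated parameter wins, that a readable config lacking the symbol means the kernel does not offer the feature, and that the config lives at /boot/config-$(uname -r); the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: effective state of per-syscall kernel stack offset
# randomization, derived from the kernel command line and the build config.

# kstack_state CMDLINE CONFIG_TEXT -> prints on | off | unsupported | unknown
kstack_state() (
    set -f                       # no globbing while splitting the cmdline
    cmdline=$1 config=$2 state=unknown
    if [ -n "$config" ]; then
        if printf '%s\n' "$config" |
            grep -qxF 'CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y'; then
            state=on             # build-time default is on
        elif printf '%s\n' "$config" |
            grep -qxF '# CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set'; then
            state=off            # feature built in, default off
        else
            # Assumption: symbol absent from a readable config means the
            # kernel lacks the feature, so the boot parameter has no effect.
            echo unsupported
            exit 0
        fi
    fi
    # Assumption: the boot parameter overrides the default; last one wins.
    for word in $cmdline; do
        case $word in
            randomize_kstack_offset=on)  state=on ;;
            randomize_kstack_offset=off) state=off ;;
        esac
    done
    printf '%s\n' "$state"
)

# Same check against the running system (config path is an assumption).
kstack_state_live() {
    cfg=/boot/config-$(uname -r)
    config=
    [ -r "$cfg" ] && config=$(cat "$cfg")
    kstack_state "$(cat /proc/cmdline)" "$config"
}

# Constructed sample: default on at build time, switched off at boot.
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz ro quiet randomize_kstack_offset=off'
SAMPLE_CONFIG='CONFIG_X86_64=y
CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y'
kstack_state "$SAMPLE_CMDLINE" "$SAMPLE_CONFIG"
```

Call `kstack_state_live` on a real host; a result of `unknown` means neither a readable config nor the boot parameter was found.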

Source: opennet.ru
