Patches introduced to randomize Linux kernel stack addresses for system calls

Kees Cook, former chief system administrator of kernel.org and leader of the Ubuntu Security Team, who now works at Google on securing Android and ChromeOS, has published a set of patches that randomize offsets in the kernel stack when handling system calls. The patches improve kernel security by changing the placement of the stack, which makes attacks on the stack considerably harder and less successful. The initial implementation supports ARM64 and x86/x86_64 processors.

The original idea for the patch belongs to the PaX RANDKSTACK project. In 2019, Elena Reshetova, an engineer at Intel, tried to create an implementation of this idea suitable for inclusion in the mainline Linux kernel. The initiative was later taken up by Kees Cook, who presented an implementation suitable for the mainline kernel. The patches are scheduled for inclusion in the 5.13 release. The mode will be disabled by default. To enable it, the kernel command line parameter "randomize_kstack_offset=on/off" and the CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT setting are proposed. The overhead of enabling the mode is estimated at approximately a 1% performance loss.

The essence of the proposed protection is to choose a random stack offset on each system call, which makes it difficult to determine the layout of the stack in memory even after address data has been obtained, since the next system call will change the base address of the stack. Unlike the PaX RANDKSTACK implementation, in the patches proposed for inclusion in the kernel the randomization is performed not at the initial stage (cpu_current_top_of_stack) but after the pt_regs structure has been set up, which makes it impossible to use ptrace-based methods to determine the randomized offset during a long-running system call.
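
One way to audit the setting described above, as an added example that is not part of the patch set or the original article: the function takes a kernel command line and the text of a kernel config and reports whether the randomization is in effect. The function name, the `unsupported` and `unknown` result labels, and the sample inputs are constructed for illustration; treating a repeated parameter as last-wins and a config that omits the symbol as built without the feature are assumptions.

```shell
# Added example: decide whether per-syscall kernel stack offset
# randomization is in effect for a given boot configuration.
# Usage: kstack_rand_state "<kernel cmdline>" ["<kernel config text>"]
# Prints one of: on | off | unsupported | unknown
kstack_rand_state() (
    set -f                      # no globbing while splitting the cmdline
    cmdline=$1
    config=${2-}
    sym=CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT

    # Build-time default, taken from the config text if one was supplied.
    if [ -z "$config" ]; then
        state=unknown
    elif printf '%s\n' "$config" | grep -qx "$sym=y"; then
        state=on
    elif printf '%s\n' "$config" | grep -qx "# $sym is not set"; then
        state=off
    else
        # Assumption: a config that never mentions the symbol was built
        # without the feature, so the boot parameter has no effect.
        printf 'unsupported\n'
        return 0
    fi

    # The boot parameter overrides the build-time default.
    # Assumption: when the parameter is repeated, the last one wins.
    for arg in $cmdline; do
        case $arg in
            randomize_kstack_offset=on)  state=on ;;
            randomize_kstack_offset=off) state=off ;;
        esac
    done
    printf '%s\n' "$state"
)

# Constructed sample inputs (not taken from a real host).
SAMPLE_CONFIG_OFF='CONFIG_VMAP_STACK=y
# CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set'
SAMPLE_CONFIG_ON='CONFIG_VMAP_STACK=y
CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y'
SAMPLE_CONFIG_OLD='CONFIG_VMAP_STACK=y'
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet randomize_kstack_offset=on'

# Default is off in the config, but the boot parameter turns it on.
kstack_rand_state "$SAMPLE_CMDLINE" "$SAMPLE_CONFIG_OFF"
```

On a running system the inputs would be the contents of `/proc/cmdline` and the config file of the booted kernel.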

Source: opennet.ru
