diff options
| author |   miod <miod@openbsd.org> | 2015-02-09 11:52:47 +0000 |
|---|---|---|
| committer | miod <miod@openbsd.org> | 2015-02-09 11:52:47 +0000 |
| commit | 2bda40dc64ded01f64f2729a3910b84c37f10acb (patch) | |
| tree | 3b6464215676047198719b1a9a49ead146e64453 | |
| parent | Oups forgot to remove the enums (diff) | |
| download | wireguard-openbsd-2bda40dc64ded01f64f2729a3910b84c37f10acb.tar.xz wireguard-openbsd-2bda40dc64ded01f64f2729a3910b84c37f10acb.zip | |
Change the way stackgap_random is applied. Instead of applying it within the
fixed stack area of the exec'd image, and risking hitting process limits,
should we want to increase stackgap_random, the randomness is applied to the
stack region in the process' vmspace.
| -rw-r--r-- | sys/arch/sparc/sparc/machdep.c | 7 | ||||
| -rw-r--r-- | sys/kern/exec_subr.c | 11 | ||||
| -rw-r--r-- | sys/kern/kern_exec.c | 12 | ||||
| -rw-r--r-- | sys/kern/kern_sysctl.c | 3 | ||||
| -rw-r--r-- | sys/sys/exec.h | 8 |
5 files changed, 29 insertions, 12 deletions
diff --git a/sys/arch/sparc/sparc/machdep.c b/sys/arch/sparc/sparc/machdep.c index fce1a81af17..c7555a4d90c 100644 --- a/sys/arch/sparc/sparc/machdep.c +++ b/sys/arch/sparc/sparc/machdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: machdep.c,v 1.167 2014/12/10 15:29:53 mikeb Exp $ */ +/* $OpenBSD: machdep.c,v 1.168 2015/02/09 11:52:47 miod Exp $ */ /* $NetBSD: machdep.c,v 1.85 1997/09/12 08:55:02 pk Exp $ */ /* @@ -143,11 +143,8 @@ cpu_startup() pmapdebug = 0; #endif - if (CPU_ISSUN4M) { - extern int stackgap_random; - + if (CPU_ISSUN4M) stackgap_random = STACKGAP_RANDOM_SUN4M; - } /* * Re-map the message buffer from its temporary address diff --git a/sys/kern/exec_subr.c b/sys/kern/exec_subr.c index e51b6af910f..1e34ed57b50 100644 --- a/sys/kern/exec_subr.c +++ b/sys/kern/exec_subr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exec_subr.c,v 1.47 2015/02/06 23:58:12 deraadt Exp $ */ +/* $OpenBSD: exec_subr.c,v 1.48 2015/02/09 11:52:47 miod Exp $ */ /* $NetBSD: exec_subr.c,v 1.9 1994/12/04 03:10:42 mycroft Exp $ */ /* @@ -330,6 +330,7 @@ vmcmd_randomize(struct proc *p, struct exec_vmcmd *cmd) int exec_setup_stack(struct proc *p, struct exec_package *epp) { + vaddr_t sgap; #ifdef MACHINE_STACK_GROWS_UP epp->ep_maxsaddr = USRSTACK; @@ -340,6 +341,14 @@ exec_setup_stack(struct proc *p, struct exec_package *epp) #endif epp->ep_ssize = round_page(p->p_rlimit[RLIMIT_STACK].rlim_cur); + if (stackgap_random != 0) { + sgap = arc4random() & (stackgap_random - 1); + sgap = trunc_page(sgap); + + epp->ep_maxsaddr -= sgap; + epp->ep_minsaddr -= sgap; + } + /* * set up commands for stack. note that this takes *two*, one to * map the part of the stack which we can access, and one to map diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 9f32fa441b8..6fb62d18305 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_exec.c,v 1.159 2015/02/09 09:39:09 miod Exp $ */ +/* $OpenBSD: kern_exec.c,v 1.160 2015/02/09 11:52:47 miod Exp $ */ /* $NetBSD: kern_exec.c,v 1.75 1996/02/09 18:59:28 christos Exp $ */ /*- @@ -85,7 +85,7 @@ int exec_sigcode_map(struct process *, struct emul *); /* * If non-zero, stackgap_random specifies the upper limit of the random gap size - * added to the fixed stack gap. Must be n^2. + * added to the fixed stack position. Must be n^2. */ int stackgap_random = STACKGAP_RANDOM; @@ -402,8 +402,14 @@ sys_execve(struct proc *p, void *v, register_t *retval) dp = (char *)(((long)dp + _STACKALIGNBYTES) & ~_STACKALIGNBYTES); sgap = STACKGAPLEN; + + /* + * If we have enabled random stackgap, the stack itself has already + * been moved from a random location, but is still aligned to a page + * boundary. Provide the lower bits of random placement now. + */ if (stackgap_random != 0) { - sgap += arc4random() & (stackgap_random - 1); + sgap += arc4random() & PAGE_MASK; sgap = (sgap + _STACKALIGNBYTES) & ~_STACKALIGNBYTES; } diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index 1b6df9ea98b..4533da7223a 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sysctl.c,v 1.279 2015/01/20 19:43:21 kettenis Exp $ */ +/* $OpenBSD: kern_sysctl.c,v 1.280 2015/02/09 11:52:47 miod Exp $ */ /* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */ /*- @@ -264,7 +264,6 @@ kern_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, dev_t dev; extern int somaxconn, sominconn; extern int usermount, nosuidcoredump; - extern int stackgap_random; extern int maxlocksperuid; extern int pool_debug; diff --git a/sys/sys/exec.h b/sys/sys/exec.h index e74ae18bc1e..d8d4459e2be 100644 --- a/sys/sys/exec.h +++ b/sys/sys/exec.h @@ -1,4 +1,4 @@ -/* $OpenBSD: exec.h,v 1.29 2015/02/06 23:58:12 deraadt Exp $ */ +/* $OpenBSD: exec.h,v 1.30 2015/02/09 11:52:47 miod Exp $ */ /* $NetBSD: exec.h,v 1.59 1996/02/09 18:25:09 christos Exp $ */ /*- @@ -214,6 +214,12 @@ extern struct execsw execsw[]; extern int nexecs; extern int exec_maxhdrsz; +/* + * If non-zero, stackgap_random specifies the upper limit of the random gap size + * added to the fixed stack position. Must be n^2. + */ +extern int stackgap_random; + /* Limit on total PT_OPENBSD_RANDOMIZE bytes. */ #define ELF_RANDOMIZE_LIMIT 64*1024 |