author | 2016-05-10 18:39:40 +0000 | |
---|---|---|
committer | 2016-05-10 18:39:40 +0000 | |
commit | 7730d1d9cb84cef07e5a404bafac47d7e8e531c6 (patch) | |
tree | ad036b14ced3b636562575a7b22fbfd1974fda32 /sys/kern/kern_exec.c | |
parent | The hppa trapframe PC is marked (in the low two bits) to indicate a (diff) | |
SROP mitigation. sendsig() stores a (per-process ^ &sigcontext) cookie
inside the sigcontext. sigreturn(2) checks syscall entry was from the
exact PC addr in the (per-process ASLR) sigtramp, verifies the cookie,
and clears it to prevent sigcontext reuse.
not yet tested on landisk, sparc, *88k, socppc.
ok kettenis
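The cookie scheme the commit message describes, as a userland model. This is an added example, not code from this commit or from OpenBSD; the `model_*` names, the struct layouts and all values are constructed for illustration.

```c
#include <stdint.h>

/* Hypothetical names; a userland model, not the OpenBSD kernel code. */
struct model_proc {
	uintptr_t sigcookie;	/* per-process random value, set at exec */
	uintptr_t sigcoderet;	/* PC of the sigreturn entry in the sigtramp */
};
struct model_sigcontext {
	uintptr_t sc_cookie;	/* sigcookie ^ address of this sigcontext */
	uintptr_t sc_pc;	/* stands in for the saved register state */
};

/* Signal delivery: tie the frame to this process and to its own address. */
static void model_sendsig(const struct model_proc *pr,
    struct model_sigcontext *sc, uintptr_t saved_pc)
{
	sc->sc_pc = saved_pc;
	sc->sc_cookie = pr->sigcookie ^ (uintptr_t)sc;
}

/* Returns 0 if the frame is accepted, -1 if it is rejected. */
static int model_sigreturn(const struct model_proc *pr,
    struct model_sigcontext *sc, uintptr_t entry_pc)
{
	if (entry_pc != pr->sigcoderet)
		return -1;	/* syscall not entered from the sigtramp */
	if (sc->sc_cookie != (pr->sigcookie ^ (uintptr_t)sc))
		return -1;	/* forged, relocated or already consumed */
	sc->sc_cookie = 0;	/* clear so the frame cannot be reused */
	return 0;
}

/* Runs five cases on constructed values; bit n is set if case n was accepted. */
int model_demo(void)
{
	struct model_proc pr = { (uintptr_t)0x5a17c0deUL, (uintptr_t)0x7000UL };
	struct model_sigcontext a, b, forged = { 0, (uintptr_t)0x41414141UL };
	int r = 0;

	model_sendsig(&pr, &a, 0x1000);
	b = a;	/* same bytes at a different address */
	r |= (model_sigreturn(&pr, &forged, pr.sigcoderet) == 0) << 0;
	r |= (model_sigreturn(&pr, &b, pr.sigcoderet) == 0) << 1;
	r |= (model_sigreturn(&pr, &a, pr.sigcoderet + 4) == 0) << 2;
	r |= (model_sigreturn(&pr, &a, pr.sigcoderet) == 0) << 3;
	r |= (model_sigreturn(&pr, &a, pr.sigcoderet) == 0) << 4; /* replay */
	return r;
}

int main(void) { return model_demo() == 8 ? 0 : 1; }
```

Only the genuine frame, returned once from the expected PC, is accepted; the forged frame, the copy at another address, the wrong entry PC and the replay are all rejected.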
Diffstat (limited to 'sys/kern/kern_exec.c')
-rw-r--r-- | sys/kern/kern_exec.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 2bae3c5fbeb..ced0bb86c51 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_exec.c,v 1.176 2016/04/25 20:00:33 tedu Exp $ */ +/* $OpenBSD: kern_exec.c,v 1.177 2016/05/10 18:39:51 deraadt Exp $ */ /* $NetBSD: kern_exec.c,v 1.75 1996/02/09 18:59:28 christos Exp $ */ /*- @@ -498,6 +498,7 @@ sys_execve(struct proc *p, void *v, register_t *retval) TCB_SET(p, NULL); /* reset the TCB address */ pr->ps_kbind_addr = 0; /* reset the kbind bits */ pr->ps_kbind_cookie = 0; + arc4random_buf(&pr->ps_sigcookie, sizeof pr->ps_sigcookie); /* set command name & other accounting info */ memset(p->p_comm, 0, sizeof(p->p_comm)); @@ -868,5 +869,9 @@ exec_sigcode_map(struct process *pr, struct emul *e) return (ENOMEM); } + /* Calculate PC at point of sigreturn entry */ + pr->ps_sigcoderet = pr->ps_sigcode + + (pr->ps_emul->e_esigret - pr->ps_emul->e_sigcode); + return (0); } |
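Review bot: In the sys_execve() hunk (@@ -498), ps_sigcookie is refreshed only as part of the exec-time reset, and this view is limited to kern_exec.c, so it does not show what a process that forks without exec'ing gets. If the fork path copies the field, parent and child share one cookie value, which weakens the "per-process" property the commit message relies on; please confirm the fork side in the rest of the commit. A short trailing comment on the new line, in the style of the TCB and kbind resets above it, would also help.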
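Review bot: In the exec_sigcode_map() hunk (@@ -868), the new assignment reads pr->ps_emul->e_esigret and pr->ps_emul->e_sigcode even though the function already receives struct emul *e. Suggest e->e_esigret - e->e_sigcode, so the offset does not depend on pr->ps_emul having been set to e before this call. ps_sigcoderet is also written only on the success path just before return (0); the return (ENOMEM) path above leaves whatever value was there, so consider clearing it on failure so the sigreturn PC check never compares against a stale address.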