SROP mitigation. sendsig() stores a (per-process ^ &sigcontext) cookie - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	deraadt <deraadt@openbsd.org>	2016-05-10 18:39:40 +0000
committer	deraadt <deraadt@openbsd.org>	2016-05-10 18:39:40 +0000
commit	7730d1d9cb84cef07e5a404bafac47d7e8e531c6 (patch)
tree	ad036b14ced3b636562575a7b22fbfd1974fda32 /sys/lib
parent	The hppa trapframe PC is marked (in the low two bits) to indicate a (diff)
download	wireguard-openbsd-7730d1d9cb84cef07e5a404bafac47d7e8e531c6.tar.xz wireguard-openbsd-7730d1d9cb84cef07e5a404bafac47d7e8e531c6.zip

SROP mitigation. sendsig() stores a (per-process ^ &sigcontext) cookie

inside the sigcontext. sigreturn(2) checks syscall entry was from the exact PC addr in the (per-process ASLR) sigtramp, verifies the cookie, and clears it to prevent sigcontext reuse. not yet tested on landisk, sparc, *88k, socppc. ok kettenis

Diffstat (limited to 'sys/lib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: