From c95ac833670bff99eb7dcd63953d64a5463e1c4e Mon Sep 17 00:00:00 2001 From: Brian Gianforcaro Date: Sun, 25 Jul 2021 13:14:20 -0700 Subject: [PATCH] Base: Mitigations(7) add -fzero-call-used-regs and Process Protection Update the man page to describe more mitigations that we have applied. --- Base/usr/share/man/man7/Mitigations.md | 34 ++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/Base/usr/share/man/man7/Mitigations.md b/Base/usr/share/man/man7/Mitigations.md index 9e0b86d93b..a4010dd881 100644 --- a/Base/usr/share/man/man7/Mitigations.md +++ b/Base/usr/share/man/man7/Mitigations.md 
@@ -237,6 +237,40 @@ Date: Fri Jan 1 15:27:42 2021 -0800 Build + LibC: Enable -fstack-protector-strong in user space ``` +### Protected Kernel Process Data + +The kernel applies a exploit mitigation technique where vulnerable data +related to the state of a process is separated out into it's own region +in memory which is always remmaped as read-only after it's initialized +or updated. This means that an attacker needs more than an arbitrary +kernel write primitive to be able to elevate a process to root for example. + +It was first enabled in the following [commit](https://github.com/SerenityOS/serenity/commit/cbcf891040e9921ff628fdda668c9738f358a178): +``` +commit cbcf891040e9921ff628fdda668c9738f358a178 +Author: Andreas Kling +Date: Wed Mar 10 19:59:46 2021 +0100 + +Kernel: Move select Process members into protected memory +``` + +### -fzero-call-used-regs + +GCC-11 added a new option `-fzero-call-used-regs` which causes the +compiler to zero function arguments before return of a function. The +goal being to reduce the possible attack surface by disarming ROP +gadgets that might be potentially useful to attackers, and reducing +the risk of information leaks via stale register data. + +It was first enabled when compiling the Kernel in the following [commit](https://github.com/SerenityOS/serenity/commit/204d5ff8f86547a8b100cf26a958aaabf49211f2): + +``` +commit 204d5ff8f86547a8b100cf26a958aaabf49211f2 +Author: Brian Gianforcaro +Date: Fri Jul 23 00:42:54 2021 -0700 + +Kernel: Reduce useful ROP gadgets by zeroing used function registers +``` ## See also
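Review bot: The description of the option in the `-fzero-call-used-regs` section is imprecise. The sentence "causes the compiler to zero function arguments before return of a function" should read that the compiler zeroes call-used (caller-saved) registers at function return; that is what the option name and the referenced commit title ("Reduce useful ROP gadgets by zeroing used function registers") both say, and argument values are only one subset of those registers. Since GCC 11 selects the set of registers via a mode (for example `-fzero-call-used-regs=used-gpr`), the man page would be more useful if it named the mode the Kernel build actually passes, taken from the referenced commit rather than guessed. Same hunk, the Protected Kernel Process Data paragraph has three spelling errors that should be fixed before merge: "a exploit mitigation" should be "an exploit mitigation", "into it's own region" should be "into its own region", and "remmaped" should be "remapped". Minor style point: the first fenced block follows its "It was first enabled in the following [commit]..." line directly, while the second is separated by a blank line; the existing section above uses a blank line before the fence, so the first block should match.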