mirror of https://github.com/RGBCube/serenity synced 2025-07-25 21:47:46 +00:00

Base: Mitigations(7) add -fzero-call-used-regs and Process Protection

Update the man page to describe more mitigations that we have applied.
Brian Gianforcaro 2021-07-25 13:14:20 -07:00 committed by Ali Mohammad Pur
parent 5e87c798d2
commit c95ac83367


@ -237,6 +237,40 @@ Date: Fri Jan 1 15:27:42 2021 -0800
Build + LibC: Enable -fstack-protector-strong in user space
```
### Protected Kernel Process Data
The kernel applies a exploit mitigation technique where vulnerable data
related to the state of a process is separated out into it's own region
in memory which is always remmaped as read-only after it's initialized
or updated. This means that an attacker needs more than an arbitrary
kernel write primitive to be able to elevate a process to root for example.
It was first enabled in the following [commit](https://github.com/SerenityOS/serenity/commit/cbcf891040e9921ff628fdda668c9738f358a178):
```
commit cbcf891040e9921ff628fdda668c9738f358a178
Author: Andreas Kling <kling@serenityos.org>
Date: Wed Mar 10 19:59:46 2021 +0100
Kernel: Move select Process members into protected memory
```
### -fzero-call-used-regs
GCC-11 added a new option `-fzero-call-used-regs` which causes the
compiler to zero function arguments before return of a function. The
goal being to reduce the possible attack surface by disarming ROP
gadgets that might be potentially useful to attackers, and reducing
the risk of information leaks via stale register data.
It was first enabled when compiling the Kernel in the following [commit](https://github.com/SerenityOS/serenity/commit/204d5ff8f86547a8b100cf26a958aaabf49211f2):
```
commit 204d5ff8f86547a8b100cf26a958aaabf49211f2
Author: Brian Gianforcaro <bgianf@serenityos.org>
Date: Fri Jul 23 00:42:54 2021 -0700
Kernel: Reduce useful ROP gadgets by zeroing used function registers
```
## See also
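Review bot: The `-fzero-call-used-regs` paragraph says the compiler will "zero function arguments before return of a function", which is narrower than what the flag name and the quoted commit subject ("zeroing used function registers") describe. Suggest wording it as zeroing call-used registers on function return, and naming the mode the Kernel build passes to the option, since the set of registers cleared depends on it. In the "Protected Kernel Process Data" paragraph there are three small text fixes: "a exploit" should be "an exploit", "it's own region" should be "its own region", and "remmaped" should be "remapped". The phrase "after it's initialized or updated" would also read better with a short mention of how legitimate kernel writers update the region, so readers can see why an arbitrary write primitive alone is not enough.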