Contributed by rueda on from the bonus-gifts dept.
In a late-stage addition prior to the release of
Mark Kettenis (
[more] aggressive randomisation of the stack location
for all 64-bit architectures except alpha:
CVSROOT: /cvs
Module name: src
Changes by: firstname.lastname@example.org 2023/03/19 14:32:13

Modified files:
    sys/kern : exec_subr.c
    sys/arch/amd64/include: vmparam.h
    sys/arch/arm64/include: vmparam.h
    sys/arch/mips64/include: vmparam.h
    sys/arch/powerpc64/include: vmparam.h
    sys/arch/riscv64/include: vmparam.h
    sys/arch/sparc64/include: vmparam.h

Log message:
Aggressively randomize the location of the stack on all 64-bit
architectures except alpha. This will put the stack at a random
location in the upper 1/4th of the userland virtual address space
providing up to 26 additional bits of randomness in the address.

Skip alpha for now since it currently puts the stack at a (for a 64-bit
architecture) very low address.

Skip 32-bit architectures for now as well since those have a much
smaller virtual address space and we need more time to figure out what
a safe amount of extra randomizations is. These architectures will
continue to use a mildly randomized stack address through the existing
stackgap random mechanism. We will revisit this after 7.3 is released.

This should make it harder for an attacker to find the stack.

ok deraadt@, miod@
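An added example, not part of the original article or of the OpenBSD commit: a small C helper that takes stack addresses sampled across repeated runs of a program and reports which address bits were seen to change and whether every sample falls in the upper quarter of the address space. The sample addresses are constructed, and the 47-bit address-space limit and all function names are assumptions for illustration, not OpenBSD's actual constants or code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed, illustrative userland limit: a 47-bit address space. */
#define VA_MAX_ASSUMED (1ULL << 47)

/* Constructed sample: stack addresses as if logged from four runs. */
static const uint64_t SAMPLES[] = {
    0x00007a3f1c2d4e70ULL, 0x000061b8e4907c30ULL,
    0x00006f02a7d15b90ULL, 0x0000752c09e8a3f0ULL,
};
#define NSAMPLES (sizeof(SAMPLES) / sizeof(SAMPLES[0]))

/* Mask of address bits that differ between at least two samples. */
uint64_t varying_bits(const uint64_t *a, size_t n)
{
    uint64_t mask = 0;
    for (size_t i = 1; i < n; i++)
        mask |= a[0] ^ a[i];
    return mask;
}

/* Count of bit positions seen to change (not an entropy estimate). */
int count_bits(uint64_t v)
{
    int c = 0;
    for (; v != 0; v &= v - 1)
        c++;
    return c;
}

/* 1 if every sample lies in the upper quarter of [0, va_max), else 0. */
int all_in_upper_quarter(const uint64_t *a, size_t n, uint64_t va_max)
{
    uint64_t low = va_max - va_max / 4;
    for (size_t i = 0; i < n; i++)
        if (a[i] < low || a[i] >= va_max)
            return 0;
    return n > 0;
}

int main(void)
{
    int local; /* its address shows where this run's stack landed */
    uint64_t mask = varying_bits(SAMPLES, NSAMPLES);
    printf("this run: %p\n", (void *)&local);
    printf("varying: 0x%012llx (%d bits), upper quarter: %d\n",
        (unsigned long long)mask, count_bits(mask),
        all_in_upper_quarter(SAMPLES, NSAMPLES, VA_MAX_ASSUMED));
    return 0;
}
```

Under the assumed 47-bit limit, "upper 1/4th" shows up as the top two address bits staying constant across samples while the bits below them vary.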