sortix-mirror/kernel
Jonas 'Sortie' Termansen 2e03bd94d3 Add protection against sigreturn oriented programming (SROP).
This change hardens against invalid calls to sigreturn, which is a very
useful gadget when compromising a process. The system call now verifies
it is a real return from a signal and aborts the process otherwise. This
should render such attacks impossible in threads that are not servicing a
signal, and infeasible in threads that are handling signals they are yet to
return from.

The kernel now keeps track, for each thread, of how many signals are being
handled but haven't returned yet.

Each thread now has a random signal value. It is re-randomized when the
thread handles a signal and the current signal counter is zero. This is
xorred with the context address and used as canary on the stack during
signal dispatch, protecting the saved context on the stack. This works
mostly like the regular stack protector.

The kernel now keeps track of the stack pointer for a single handled
signal per thread. It doesn't seem worth it to keep track of multiple
handled signals, as more than one is rare. Note that each delivered signal
will not necessarily result in a sigreturn because it is valid for a thread
to longjmp(3) out of a signal handler to a valid jmp_buf.

The sigreturn system call will abort if either:

- It was not called from the kernel sigreturn page.
- The thread is not currently processing a signal.
- The thread is processing a single signal, and the stack pointer did not
  have the expected value.
- It fails to read the context on the stack.
- The canary is wrong.
2016-05-15 22:43:29 +02:00
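The following is an added user-space model of the sigreturn validation the commit message describes; it is not Sortix kernel code. The struct and function names, the xorshift stand-in for the kernel RNG, the NULL-means-unmapped `copy_from_user`, and the address assumed for the sigreturn page (`SIGRETURN_PAGE`) are all inventions for illustration. It shows why a forged frame fails: the canary is the per-thread random value XORed with the address of the saved context, so a frame copied to a different stack address fails the stack-pointer check and an in-place overwrite fails the canary check, while the genuine frame still restores.

```c
/* Added model of the sigreturn validation described above. Not Sortix
 * code: user-space simulation with invented names and an assumed address
 * for the kernel sigreturn page. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIGRETURN_PAGE      0x7fff0000ULL   /* assumed trampoline page */
#define SIGRETURN_PAGE_SIZE 0x1000ULL

struct saved_context { uint64_t ip, sp, regs[4]; };

/* Frame the kernel writes on the user stack during signal dispatch. */
struct signal_frame {
    uint64_t canary;             /* signal_random ^ address of ctx */
    struct saved_context ctx;    /* registers restored by sigreturn */
};

struct thread {
    uint64_t signal_random;      /* re-randomized when the counter is zero */
    unsigned signals_handling;   /* handlers entered but not yet returned */
    uintptr_t signal_sp;         /* expected sp when exactly one signal is live */
};

enum sigreturn_result {
    SIGRETURN_OK, ABORT_NOT_FROM_PAGE, ABORT_NO_SIGNAL,
    ABORT_BAD_SP, ABORT_UNREADABLE, ABORT_BAD_CANARY
};

/* Stand-in for the kernel RNG (xorshift64, not cryptographic). */
static uint64_t next_random(uint64_t *state) {
    uint64_t x = *state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return *state = x;
}

static uint64_t canary_for(const struct thread *t, const struct signal_frame *f) {
    return t->signal_random ^ (uint64_t)(uintptr_t)&f->ctx;
}

/* Signal dispatch: save the context under a canary, count the signal,
 * and remember the frame address for the single-signal case. */
void dispatch_signal(struct thread *t, uint64_t *rng,
                     struct signal_frame *frame, const struct saved_context *ctx) {
    if (t->signals_handling == 0)
        t->signal_random = next_random(rng);
    frame->ctx = *ctx;
    frame->canary = canary_for(t, frame);
    if (t->signals_handling++ == 0)
        t->signal_sp = (uintptr_t)frame;
}

/* Model of copy-from-user: NULL stands in for an unmapped user stack. */
static bool copy_from_user(void *dst, const void *src, size_t n) {
    if (src == NULL) return false;
    memcpy(dst, src, n);
    return true;
}

/* sigreturn with the five abort conditions, checked in the listed order. */
enum sigreturn_result sys_sigreturn(struct thread *t, uint64_t caller_ip,
                                    uintptr_t user_sp, struct saved_context *restored) {
    if (caller_ip < SIGRETURN_PAGE || caller_ip >= SIGRETURN_PAGE + SIGRETURN_PAGE_SIZE)
        return ABORT_NOT_FROM_PAGE;
    if (t->signals_handling == 0)
        return ABORT_NO_SIGNAL;
    if (t->signals_handling == 1 && user_sp != t->signal_sp)
        return ABORT_BAD_SP;
    const struct signal_frame *uframe = (const struct signal_frame *)user_sp;
    struct signal_frame frame;
    if (!copy_from_user(&frame, uframe, sizeof frame))
        return ABORT_UNREADABLE;
    if (frame.canary != canary_for(t, uframe))
        return ABORT_BAD_CANARY;
    t->signals_handling--;
    *restored = frame.ctx;
    return SIGRETURN_OK;
}

/* Scenario: one signal in flight; an attacker-built frame at another stack
 * address fails the sp check, an in-place overwrite fails the canary check,
 * and the genuine frame is restored. Returns true if all three hold. */
bool srop_forgery_is_rejected(void) {
    uint64_t rng = 0x9E3779B97F4A7C15ULL;            /* constructed seed */
    struct thread t = {0};
    struct saved_context ctx = { .ip = 0x401000, .sp = 0x7ffe0000, .regs = {1, 2, 3, 4} };
    struct signal_frame real, forged;
    struct saved_context out;
    uint64_t trampoline = SIGRETURN_PAGE + 0x10;

    dispatch_signal(&t, &rng, &real, &ctx);
    forged = real;
    forged.ctx.ip = 0xdeadbeef;                       /* attacker-chosen ip */
    if (sys_sigreturn(&t, trampoline, (uintptr_t)&forged, &out) != ABORT_BAD_SP) return false;
    uint64_t good_canary = real.canary;
    real.ctx.ip = 0xdeadbeef;                         /* overwrite in place, canary unknown */
    real.canary = good_canary ^ 0x10;
    if (sys_sigreturn(&t, trampoline, (uintptr_t)&real, &out) != ABORT_BAD_CANARY) return false;
    real.ctx.ip = ctx.ip;
    real.canary = good_canary;
    return sys_sigreturn(&t, trampoline, (uintptr_t)&real, &out) == SIGRETURN_OK
        && out.ip == ctx.ip && t.signals_handling == 0;
}

int main(void) {
    printf("forgery rejected: %s\n", srop_forgery_is_rejected() ? "yes" : "no");
    return 0;
}
```

The model keeps the commit's caveat visible: once a second signal is being handled the stack-pointer check is skipped, so only the canary stands between an attacker and a forged frame, which is why the message calls the attack infeasible rather than impossible in threads that are still inside a handler (and a handler that longjmps out leaves the counter raised).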
disk Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
fs Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
gpu/bga Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
include/sortix Add protection against sigreturn oriented programming (SROP). 2016-05-15 22:43:29 +02:00
kb Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
mouse Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
net Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
x64 Clean up errno. 2016-05-15 22:43:29 +02:00
x86 Clean up errno. 2016-05-15 22:43:29 +02:00
x86-family Add assertions to Signal::DispatchHandler callers. 2016-03-28 17:37:37 +02:00
.gitignore Allow bootloader bitmap framebuffer modesetting. 2016-01-08 19:56:11 +01:00
Makefile Convert libc to C. 2016-03-03 23:02:23 +01:00
addralloc.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
alarm.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
clock.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
com.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
com.h Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
copy.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
descriptor.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
dtable.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
elf.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
end.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
fcache.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
fsfunc.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
hostname.cpp Make the branding system more neutral. 2016-05-15 22:43:29 +02:00
identity.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
initrd.cpp Add initrd module options. 2016-03-07 18:37:20 +01:00
initrd.h Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
inode.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
interlock.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
interrupt.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
io.cpp Fix fchownat(2) system call ABI on x86. 2016-03-26 23:28:36 +01:00
ioctx.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
kernel.cpp Compile libc with -ffreestanding. 2016-05-15 22:43:29 +02:00
kernelinfo.cpp Add tagline. 2016-03-26 23:50:50 +01:00
kthread.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
lfbtextbuffer.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
lfbtextbuffer.h Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
libk.cpp Clean up errno. 2016-05-15 22:43:29 +02:00
linebuffer.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
linebuffer.h Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
log.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
logterminal.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
logterminal.h Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
memorymanagement.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
mtable.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
multiboot.h Upgrade to latest upstream multiboot header. 2014-12-01 22:51:07 +01:00
op-new.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
panic.cpp Make the branding system more neutral. 2016-05-15 22:43:29 +02:00
partition.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
partition.h Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
pci-mmio.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
pci.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
pipe.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
poll.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
process.cpp Add protection against sigreturn oriented programming (SROP). 2016-05-15 22:43:29 +02:00
psctl.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
ptable.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
random.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
refcount.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
registers.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
resource.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
scheduler.cpp Add assertions to Signal::DispatchHandler callers. 2016-03-28 17:37:37 +02:00
segment.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
signal.cpp Add protection against sigreturn oriented programming (SROP). 2016-05-15 22:43:29 +02:00
sockopt.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
string.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
syscall.cpp Fix fchownat(2) system call ABI on x86. 2016-03-26 23:28:36 +01:00
textbuffer.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
textterminal.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
textterminal.h Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
thread.cpp Add protection against sigreturn oriented programming (SROP). 2016-05-15 22:43:29 +02:00
time.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
timer.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
uart.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
uart.h Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
user-timer.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
vga.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
vga.h Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
vgafont.f16 Allow bootloader bitmap framebuffer modesetting. 2016-01-08 19:56:11 +01:00
vgatextbuffer.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
vgatextbuffer.h Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
video.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
vnode.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00
worker.cpp Relicense Sortix to the ISC license. 2016-03-05 22:21:50 +01:00