Contributed by rueda on from the hard-as-nails-(in-the-coffin-of-exploit-techniques) dept.
Theo de Raadt (deraadt@) has committed code for a new exploit-prevention mechanism:
[…] Repurpose the "syscalls must be on a writeable page" mechanism to enforce a new policy: system calls must be in pre-registered regions. We have discussed more strict checks than this, but none satisfy the cost/benefit based upon our understanding of attack methods, anyways let's see what the next iteration looks like. This is intended to harden (translation: attackers must put extra effort into attacking) against a mixture of W^X failures and JIT bugs which allow syscall misinterpretation, especially in environments with polymorphic-instruction/variable-sized instructions. It fits in a bit with libc/libcrypto/ld.so random relink on boot and no-restart-at-crash behaviour, particularly for remote problems. Less effective once on-host since someone the libraries can be read. […]
The full commit details are well worth reading, as is the manual page for the (new) msyscall(2), and some associated discussion on tech@.
As this change involves ABI breakage, upgrading via snapshots is the easiest way to avoid trouble.
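To make the policy in the commit message concrete, here is a small C model of it. This is an added example, not OpenBSD's kernel or ld.so code: the struct and function names (proc_model, model_exec, model_msyscall, model_syscall_allowed, demo_allowed) are this example's own, the addresses are constructed, and two simplifications are assumptions of the model rather than statements from the page: that the kernel pre-marks the text it loaded at exec time so the dynamic loader can make system calls before it registers libc, and that the registration call is accepted only once per process so later-injected code cannot widen the permitted region. The check at syscall entry is the part the page actually describes: the trapping instruction's address must lie inside a pre-registered region, otherwise the call is refused.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-process state. Real OpenBSD keeps this as flags on
 * uvm map entries; these names belong to the model only. */
#define MODEL_MAX_REGIONS 2

struct model_region {
    uintptr_t start;
    size_t    len;
};

struct proc_model {
    struct model_region regions[MODEL_MAX_REGIONS];
    int nregions;
    int msyscall_done;   /* model assumption: registration is one-shot */
};

/* Constructed sample layout for the demo; not real addresses. */
#define DEMO_LDSO_TEXT  ((uintptr_t)0x401000UL)
#define DEMO_LDSO_LEN   ((size_t)0x20000)
#define DEMO_LIBC_TEXT  ((uintptr_t)0x7f0000100000UL)
#define DEMO_LIBC_LEN   ((size_t)0x100000)
#define DEMO_JIT_PAGE   ((uintptr_t)0x7f0000900000UL)

static int add_region(struct proc_model *p, uintptr_t start, size_t len)
{
    if (len == 0 || start + len < start) {   /* empty or wrapping range */
        errno = EINVAL;
        return -1;
    }
    if (p->nregions >= MODEL_MAX_REGIONS) {
        errno = ENOMEM;
        return -1;
    }
    p->regions[p->nregions].start = start;
    p->regions[p->nregions].len = len;
    p->nregions++;
    return 0;
}

/* Model of exec (assumption): the kernel pre-marks the text it loaded
 * itself, e.g. ld.so, so the loader can make syscalls before registering libc. */
void model_exec(struct proc_model *p, uintptr_t text_start, size_t text_len)
{
    p->nregions = 0;
    p->msyscall_done = 0;
    add_region(p, text_start, text_len);
}

/* Model of msyscall(2): register the region from which syscall instructions
 * may run. Refusing a second call (assumption) is what keeps injected code
 * from widening the region once ld.so has finished. */
int model_msyscall(struct proc_model *p, uintptr_t addr, size_t len)
{
    if (p->msyscall_done) {
        errno = EPERM;
        return -1;
    }
    if (add_region(p, addr, len) == -1)
        return -1;
    p->msyscall_done = 1;
    return 0;
}

/* The check at syscall entry: pc is the address of the trapping instruction.
 * Returns 1 if it lies inside a registered region, else 0. */
int model_syscall_allowed(const struct proc_model *p, uintptr_t pc)
{
    for (int i = 0; i < p->nregions; i++) {
        const struct model_region *r = &p->regions[i];
        if (pc >= r->start && pc - r->start < r->len)   /* no overflow */
            return 1;
    }
    return 0;
}

/* Build the demo process (ld.so pre-marked, libc registered) and probe one pc. */
int demo_allowed(uintptr_t pc)
{
    struct proc_model p;
    model_exec(&p, DEMO_LDSO_TEXT, DEMO_LDSO_LEN);
    if (model_msyscall(&p, DEMO_LIBC_TEXT, DEMO_LIBC_LEN) == -1)
        return -1;
    return model_syscall_allowed(&p, pc);
}

/* Returns 1 if a second registration attempt is refused with EPERM. */
int demo_second_registration_refused(void)
{
    struct proc_model p;
    model_exec(&p, DEMO_LDSO_TEXT, DEMO_LDSO_LEN);
    if (model_msyscall(&p, DEMO_LIBC_TEXT, DEMO_LIBC_LEN) == -1)
        return 0;
    return model_msyscall(&p, DEMO_JIT_PAGE, 0x1000) == -1 && errno == EPERM;
}

int main(void)
{
    struct { const char *what; uintptr_t pc; } probes[] = {
        { "syscall stub inside libc text",   DEMO_LIBC_TEXT + 0x1234 },
        { "ld.so text (pre-marked at exec)", DEMO_LDSO_TEXT + 0x10 },
        { "one byte past the libc region",   DEMO_LIBC_TEXT + DEMO_LIBC_LEN },
        { "syscall sitting in a JIT page",   DEMO_JIT_PAGE + 0x10 },
    };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%-34s %s\n", probes[i].what,
               demo_allowed(probes[i].pc) ? "allowed" : "refused");
    printf("second msyscall refused: %s\n",
           demo_second_registration_refused() ? "yes" : "no");
    return 0;
}
```

The JIT-page probe is the case the commit message is aimed at: a syscall instruction that ends up on a page outside the registered regions, whether through a W^X failure or a JIT emitting bytes that decode as a syscall, is refused even though it would have executed fine under the old "not on a writeable page" rule if the page had been flipped to executable. The boundary probe shows the half-open range check, the usual source of off-by-one mistakes in region tests.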