Contributed by Peter N. M. Hansteen on from the mutable no more dept.
In a message to tech@ titled "immutable userland mappings", Theo de Raadt (deraadt@) gave us a preview of code that may soon land in -current. The message leads in,
In the last few years, I have been improving the strictness of userland memory layout. An example is the recent addition of MAP_STACK and msyscall(). The first one marks pages that are stack, so that upon entry to the kernel we can check if the stack-pointer is pointing in the stack range. If it isn't, the most obvious conclusion is that a ROP pivot has occurred, and we kill the process. The second one marks the region which contains syscall traps; if, upon entry to the kernel, the PC is not in that region, we know someone is trying to do system calls via an unapproved method.
My next attempt is to lock memory mappings. The current working name is mimmutable(void *addr, size_t len). This identifies all current mapped memory in a region, and tags the mappings. Such mappings can never be unmapped. No new mmap can be done on top of the mappings. And the permissions cannot be changed. Other than that, the underlying storage memory works fine, it is just the mapping that is locked.
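To make the semantics above concrete, here is a small userland model of the mapping lock, added for this article and not taken from Theo's patch or the OpenBSD kernel. An address space is a table of mappings; `model_mimmutable()` tags every mapping overlapping the given range, and the three alterations the post says are refused (unmap, permission change, new mapping on top) check the tag before touching anything. All `model_*` names, the `EPERM` error value and the whole-mapping granularity (a real kernel splits mappings at the range edges) are this example's assumptions.

```c
/* Added example: userland model of mimmutable() semantics (not OpenBSD code).
 * Assumptions: EPERM is the rejection errno; operations act on whole
 * overlapping mappings instead of splitting them at range boundaries. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>   /* PROT_READ / PROT_WRITE / PROT_EXEC only */

#define MODEL_MAX_MAPS 16

struct model_map {
    uintptr_t start, end;   /* half-open range [start, end) */
    int prot;
    bool immutable;         /* the tag mimmutable() sets */
    bool in_use;
};

struct model_as { struct model_map maps[MODEL_MAX_MAPS]; };

static bool overlaps(const struct model_map *m, uintptr_t a, uintptr_t e) {
    return m->in_use && m->start < e && a < m->end;
}

/* Shared guard: refuse if ANY mapping in the range is locked, before any
 * mapping is modified, so a straddling request fails atomically. */
static int check_range(const struct model_as *as, uintptr_t a, size_t len, uintptr_t *e) {
    *e = a + len;
    if (len == 0 || *e <= a) return EINVAL;
    for (int i = 0; i < MODEL_MAX_MAPS; i++)
        if (overlaps(&as->maps[i], a, *e) && as->maps[i].immutable) return EPERM;
    return 0;
}

/* "No new mmap can be done on top of the mappings": MAP_FIXED-style map that
 * replaces mutable mappings it lands on and fails on immutable ones. */
static int model_mmap_fixed(struct model_as *as, uintptr_t addr, size_t len, int prot) {
    uintptr_t end; int rc = check_range(as, addr, len, &end), slot = -1;
    if (rc) return rc;
    for (int i = 0; i < MODEL_MAX_MAPS; i++) {
        if (overlaps(&as->maps[i], addr, end)) as->maps[i].in_use = false; /* replaced */
        if (!as->maps[i].in_use && slot < 0) slot = i;
    }
    if (slot < 0) return ENOMEM;
    as->maps[slot] = (struct model_map){ addr, end, prot, false, true };
    return 0;
}

/* "Such mappings can never be unmapped." */
static int model_munmap(struct model_as *as, uintptr_t addr, size_t len) {
    uintptr_t end; int rc = check_range(as, addr, len, &end);
    if (rc) return rc;
    for (int i = 0; i < MODEL_MAX_MAPS; i++)
        if (overlaps(&as->maps[i], addr, end)) as->maps[i].in_use = false;
    return 0;
}

/* "And the permissions cannot be changed." */
static int model_mprotect(struct model_as *as, uintptr_t addr, size_t len, int prot) {
    uintptr_t end; int rc = check_range(as, addr, len, &end);
    if (rc) return rc;
    for (int i = 0; i < MODEL_MAX_MAPS; i++)
        if (overlaps(&as->maps[i], addr, end)) as->maps[i].prot = prot;
    return 0;
}

/* Tag every currently mapped region overlapping [addr, addr+len); holes are
 * simply skipped. The backing memory itself is untouched. */
static int model_mimmutable(struct model_as *as, uintptr_t addr, size_t len) {
    uintptr_t end = addr + len;
    if (len == 0 || end <= addr) return EINVAL;
    for (int i = 0; i < MODEL_MAX_MAPS; i++)
        if (overlaps(&as->maps[i], addr, end)) as->maps[i].immutable = true;
    return 0;
}

static int model_prot_at(const struct model_as *as, uintptr_t addr) {
    for (int i = 0; i < MODEL_MAX_MAPS; i++)
        if (overlaps(&as->maps[i], addr, addr + 1)) return as->maps[i].prot;
    return -1;   /* unmapped */
}

/* Scenario: map a text-like and a data-like region, lock the first, then try
 * each forbidden operation. Returns 0 if every step behaves as the post
 * describes, otherwise the number of the first step that surprised us. */
static int model_demo(void) {
    struct model_as as; memset(&as, 0, sizeof as);
    const uintptr_t page = 4096, text = 0x1000, data = 0x9000;   /* constructed */
    if (model_mmap_fixed(&as, text, 8 * page, PROT_READ | PROT_EXEC))  return 1;
    if (model_mmap_fixed(&as, data, 4 * page, PROT_READ | PROT_WRITE)) return 2;
    if (model_mimmutable(&as, text, 8 * page))                          return 3;
    if (model_munmap(&as, text, page) != EPERM)                         return 4;
    if (model_mprotect(&as, text, page, PROT_READ | PROT_WRITE | PROT_EXEC) != EPERM) return 5;
    if (model_mmap_fixed(&as, text + page, page, PROT_READ | PROT_WRITE) != EPERM)  return 6;
    /* straddling locked and unlocked: rejected, and the unlocked part is untouched */
    if (model_mprotect(&as, text, (data - text) + page, PROT_READ) != EPERM) return 7;
    if (model_prot_at(&as, data) != (PROT_READ | PROT_WRITE))          return 8;
    /* unlocked mapping keeps working normally */
    if (model_mprotect(&as, data, 4 * page, PROT_READ))                 return 9;
    if (model_munmap(&as, data, 4 * page) || model_prot_at(&as, data) != -1) return 10;
    return 0;
}

int main(void) {
    int r = model_demo();
    printf(r == 0 ? "model behaves as described\n" : "unexpected result at step %d\n", r);
    return r;
}
```

The design point worth noticing is `check_range()`: the kernel must scan the whole requested range for the tag before modifying any mapping, otherwise a request that straddles a locked and an unlocked region could alter the unlocked part and only then fail, leaving the address space in a state the caller never asked for.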
This is about upcoming work that is not yet committed. The post includes a patch that is a snapshot of the work in progress.
You can read the full message and any followups starting here, and please do test if you feel up to it.