Project

General

Profile

Feature #7032

want a means to forbid mappings around NULL

Added by Rich Lowe over 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
kernel
Start date:
2016-06-02
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

A security-flag (see #7029) is desired to forbid processes to create mappings around NULL ((void *)0), to act in the spirit of SMEP/SMAP on systems without this feature in hardware.

We should protect a block of memory beginning at 0x0, rather than just 0x0, such that we cover must references to members of a NULL structure ((foo_t *)0)->bar.


Related issues

Related to illumos gate - Feature #7029: want per-process exploit mitigation features (secflags)ClosedRich Lowe2016-06-02

Actions
#1

Updated by Electric Monk about 4 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit d2a70789f056fc6c9ce3ab047b52126d80b0e3da

commit  d2a70789f056fc6c9ce3ab047b52126d80b0e3da
Author: Richard Lowe <richlowe@richlowe.net>
Date:   2016-10-15T16:02:16.000Z

    7029 want per-process exploit mitigation features (secflags)
    7030 want basic address space layout randomization (ASLR)
    7031 noexec_user_stack should be a security-flag
    7032 want a means to forbid mappings around NULL
    Reviewed by: Robert Mustacchi <rm@joyent.com>
    Reviewed by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
    Reviewed by: Patrick Mooney <pmooney@joyent.com>
    Approved by: Dan McDonald <danmcd@omniti.com>

#2

Updated by Joshua M. Clulow over 1 year ago

  • Related to Feature #7029: want per-process exploit mitigation features (secflags) added

Also available in: Atom PDF