Project

General

Profile

Actions

Bug #9641

closed

want stack-clash mitigation

Added by Patrick Mooney about 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Category:
kernel
Start date:
2018-07-05
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

The stack-clash advisory for Qualys cited Solaris as a potential target for the exploit. In a 64-bit address space, we do indeed map in ld.so almost immediately after the stack segment. A much larger guard segment of some time would be nice to serve as a mitigation.

Upstreaming the work from SmartOS OS-6323 (and the related OS-6564)

Actions #1

Updated by Electric Monk about 3 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 0 to 100

git commit 284ce987a33170d916c005f044ef6ce9ce8e1517

commit  284ce987a33170d916c005f044ef6ce9ce8e1517
Author: Patrick Mooney <pmooney@pfmooney.com>
Date:   2018-07-19T18:08:35.000Z

    9641 want stack-clash mitigation
    Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
    Reviewed by: Alex Wilson <alex.wilson@joyent.com>
    Reviewed by: Mike Gerdts <mike.gerdts@joyent.com>
    Reviewed by: Toomas Soome <tsoome@me.com>
    Approved by: Robert Mustacchi <rm@joyent.com>

Actions

Also available in: Atom PDF