upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-02-24 02:10:45 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/sys/exec.h
Mark Johnston 5fa005e915 exec: Reimplement stack address randomization 
The approach taken by the stack gap implementation was to insert a
random gap between the top of the fixed stack mapping and the true top
of the main process stack.  This approach was chosen so as to avoid
randomizing the previously fixed address of certain process metadata
stored at the top of the stack, but had some shortcomings.  In
particular, mlockall(2) calls would wire the gap, bloating the process'
memory usage, and RLIMIT_STACK included the size of the gap so small
(< several MB) limits could not be used.

There is little value in storing each process' ps_strings at a fixed
location, as only very old programs hard-code this address; consumers
were converted decades ago to use a sysctl-based interface for this
purpose.  Thus, this change re-implements stack address randomization by
simply breaking the convention of storing ps_strings at a fixed
location, and randomizing the location of the entire stack mapping.
This implementation is simpler and avoids the problems mentioned above,
while being unlikely to break compatibility anywhere the default ASLR
settings are used.

The kern.elfN.aslr.stack_gap sysctl is renamed to kern.elfN.aslr.stack,
and is re-enabled by default.

PR:		260303
Reviewed by:	kib
Discussed with:	emaste, mw
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit 1811c1e957)
2022-02-16 11:55:03 -05:00

134 lines
4.7 KiB
C
Raw Permalink Blame History

/*-
* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 1992, 1993
* The Regents of the University of California. All rights reserved.
* (c) UNIX System Laboratories, Inc.
* All or some portions of this file are derived from material licensed
* to the University of California by American Telephone and Telegraph
* Co. or Unix System Laboratories, Inc. and are reproduced herein with
* the permission of UNIX System Laboratories, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)exec.h 8.3 (Berkeley) 1/21/94
* $FreeBSD$
*/
#ifndef _SYS_EXEC_H_
#define _SYS_EXEC_H_
/*
* Before ps_args existed, the following structure, found at the top of
* the user stack of each user process, was used by ps(1) to locate
* environment and argv strings. Normally ps_argvstr points to the
* argv vector, and ps_nargvstr is the same as the program's argc. The
* fields ps_envstr and ps_nenvstr are the equivalent for the environment.
*
* Programs should now use setproctitle(3) to change ps output.
* setproctitle() always informs the kernel with sysctl and sets the
* pointers in ps_strings. The kern.proc.args sysctl first tries p_args.
* If p_args is NULL, it then falls back to reading ps_strings and following
* the pointers.
*/
struct ps_strings {
char **ps_argvstr; /* first of 0 or more argument strings */
unsigned int ps_nargvstr; /* the number of argument strings */
char **ps_envstr; /* first of 0 or more environment strings */
unsigned int ps_nenvstr; /* the number of environment strings */
};
struct image_params;
struct execsw {
int (*ex_imgact)(struct image_params *);
const char *ex_name;
};
#include <machine/exec.h>
#ifdef _KERNEL
#include <sys/cdefs.h>
/*
* Address of ps_strings structure (in user space).
* Prefer the kern.ps_strings or kern.proc.ps_strings sysctls to this constant.
*/
#define PS_STRINGS (USRSTACK - sizeof(struct ps_strings))
#define PROC_PS_STRINGS(p) \
((p)->p_vmspace->vm_stacktop - (p)->p_sysent->sv_psstringssz)
int exec_map_first_page(struct image_params *);
void exec_unmap_first_page(struct image_params *);
int exec_register(const struct execsw *);
int exec_unregister(const struct execsw *);
extern int coredump_pack_fileinfo;
extern int coredump_pack_vmmapinfo;
/*
* note: name##_mod cannot be const storage because the
* linker_file_sysinit() function modifies _file in the
* moduledata_t.
*/
#include <sys/module.h>
#define EXEC_SET(name, execsw_arg) \
static int __CONCAT(name,_modevent)(module_t mod, int type, \
void *data) \
{ \
struct execsw *exec = (struct execsw *)data; \
int error = 0; \
switch (type) { \
case MOD_LOAD: \
/* printf(#name " module loaded\n"); */ \
error = exec_register(exec); \
if (error) \
printf(__XSTRING(name) "register failed\n"); \
break; \
case MOD_UNLOAD: \
/* printf(#name " module unloaded\n"); */ \
error = exec_unregister(exec); \
if (error) \
printf(__XSTRING(name) " unregister failed\n");\
break; \
default: \
error = EOPNOTSUPP; \
break; \
} \
return error; \
} \
static moduledata_t __CONCAT(name,_mod) = { \
__XSTRING(name), \
__CONCAT(name,_modevent), \
(void *)& execsw_arg \
}; \
DECLARE_MODULE_TIED(name, __CONCAT(name,_mod), SI_SUB_EXEC, \
SI_ORDER_ANY)
#endif
#endif
Reference in a new issue View git blame Copy permalink