Date: Wed, 27 Feb 2019 11:03:42 +0000
From: "Reshetova, Elena" <>
To: Kees Cook <>, "Perla, Enrico"
CC: Andy Lutomirski <>, Andy Lutomirski <>,
	Jann Horn <>, Peter Zijlstra <>,
	"" <>,
	"" <>, ""
	<>, "" <>, ""
Subject: RE: [RFC PATCH] x86/entry/64: randomize kernel stack offset upon
 system call

> On Wed, Feb 20, 2019 at 2:53 PM Kees Cook <> wrote:
> > BTW, the attack that inspired grsecurity's RANDKSTACK is described in
> > these slides (lots of steps, see slide 79):
> >
> Sorry, as PaX Team reminded me, I misremembered this. RANDKSTACK
> already existed. It was STACKLEAK that was created in response to this
> particular attack. I still think this attack is worth understanding to
> see what hoops must be jumped through when dealing with stack
> randomization (and other defenses).

Yes, I actually went through a number of stack-based attacks, including the one above,
in order to understand what we are trying to protect against.
If you are interested, I wrote some notes here, mainly for organizing my own
thoughts and understanding:

It also has references to slide decks of relevant attacks.
I am going to update them now based on our good discussion here.

Anyhow, I am glad that we arrived at a conclusion here and I know how to proceed.
So, I will start working on randomizing after pt_regs in the direction that Andy outlined.

With regards to disabling iopl(), this is a pretty separate thing. If anyone wants to run
with this and submit a patch, please go ahead; I can also do it a bit later (after a study of it,
since I never used it before) if no one finds bandwidth in the meantime.

Best Regards,
