Explore the evolution of Linux kernel stack attacks and defenses in this comprehensive conference talk. Delve into the history of stack-based vulnerabilities, examining existing protective measures implemented in the upstream Linux kernel. Analyze the effectiveness of current safeguards, including vmalloc-based stack allocation with guard pages, thread_info removal, and the STACKLEAK feature. Investigate the potential for further enhancing kernel stack security through RANDOMIZE_KSTACK_OFFSET, considering its challenges and performance implications. Gain insights into various attack techniques such as buffer overflows, stack overflows, and inter-stack exploitation, while learning about countermeasures like VMAP-based stacks and Variable-Length Arrays removal. Evaluate the gap between current protections and potential threats, and engage in a discussion on the future of Linux kernel stack security.
Overview
Syllabus
SECURITY
Linux thread stack for x86_64
Buffer overflows
Stack Overflows
Uninitialized Stack
Stackjacking
Inter-stack exploitation
A more recent example
Stack Clash
Basic measures for x86_64
VMAP-based stack
Variable-Length Arrays removal
STACKLEAK and stack initialization
Gap analysis
In-stack randomization: comparison
CONFIG_RANDOMIZE_KSTACK_OFFSET
Performance, performance, performance.....
Discussion & Conclusions
References
Taught by
Linux Foundation
