Mirror of https://gitlab.com/sortix/sortix.git, synced 2023-02-13 20:55:38 -05:00
2e03bd94d3
This change hardens against invalid calls to sigreturn, which is a very useful gadget when compromising a process. The system call now verifies it is a real return from a signal and aborts the process otherwise. This should render such attacks impossible in threads that are not servicing a signal, and infeasible in threads that are handling signals they are yet to return from.

The kernel now keeps track, for each thread, of how many signals are being handled but haven't returned yet.

Each thread now has a random signal value. It is re-randomized when the thread handles a signal and the current signal counter is zero. This is xorred with the context address and used as canary on the stack during signal dispatch, protecting the saved context on the stack. This works mostly like the regular stack protector.

The kernel now keeps track of the stack pointer for a single handled signal per thread. It doesn't seem worth it to keep track of multiple handled signals, as more than one is rare.

Note that each delivered signal will not necessarily result in a sigreturn because it is valid for a thread to longjmp(3) out of a signal handler to a valid jmp_buf.

The sigreturn system call will abort if either:

- It was not called from the kernel sigreturn page.
- The thread is not currently processing a signal.
- The thread is processing a single signal, and the stack pointer did not have the expected value.
- It fails to read the context on the stack.
- The canary is wrong.
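The five abort conditions above, modelled as an added example (not Sortix's kernel code): a per-thread counter, a cookie rerolled only when the counter is zero, a canary of cookie xor frame address, and the recorded stack pointer for the single tracked signal. The sigreturn page address, struct layouts, and the `readable` flag standing in for the copy-from-user result are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
/* Model of the sigreturn checks in the commit message above. Names, layouts and
 * constants are assumptions for illustration, not Sortix's own kernel code. */
#define SIGRETURN_PAGE_BASE 0x1000UL   /* assumed address of the kernel sigreturn page */
#define SIGRETURN_PAGE_SIZE 0x1000UL

struct sigframe {
    uintptr_t canary;   /* cookie ^ frame address, written at dispatch */
    uint64_t regs[4];   /* stand-in for the saved register context */
};

struct thread {
    unsigned signals_in_progress; /* delivered but not yet returned from */
    uintptr_t signal_cookie;      /* per-thread random value, rerolled only at count 0 */
    uintptr_t signal_sp;          /* stack pointer recorded for the single tracked signal */
};

/* Signal dispatch: protect the saved context on the user stack with a canary. */
static void sig_dispatch(struct thread *t, struct sigframe *frame, uintptr_t fresh_random)
{
    if (t->signals_in_progress == 0)
        t->signal_cookie = fresh_random;   /* re-randomize when no signal is pending */
    frame->canary = t->signal_cookie ^ (uintptr_t)frame;
    t->signal_sp = (uintptr_t)frame;       /* only consulted while exactly one is pending */
    t->signals_in_progress++;
}

/* sigreturn entry: true = genuine return from a handler, false = abort the process.
 * 'readable' stands in for whether the kernel could copy the frame from user memory. */
static bool sigreturn_check(struct thread *t, uintptr_t caller_pc, uintptr_t sp, bool readable)
{
    if (caller_pc < SIGRETURN_PAGE_BASE || caller_pc >= SIGRETURN_PAGE_BASE + SIGRETURN_PAGE_SIZE)
        return false;                      /* not invoked from the sigreturn page */
    if (t->signals_in_progress == 0)
        return false;                      /* no signal is being handled */
    if (t->signals_in_progress == 1 && sp != t->signal_sp)
        return false;                      /* stack pointer is not where dispatch left it */
    if (!readable)
        return false;                      /* could not read the saved context */
    const struct sigframe *frame = (const struct sigframe *)sp;
    if (frame->canary != (t->signal_cookie ^ sp))
        return false;                      /* canary mismatch: saved context was altered */
    t->signals_in_progress--;
    return true;
}
/* Constructed sample state for exercising the checks. */
static struct sigframe demo_frame;
static struct thread demo_thread;
```

A longjmp(3) out of the handler leaves the counter raised, which is why the message calls forged returns infeasible rather than impossible in that state.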
The Sortix Operating System
===========================

Sortix is a small self-hosting operating system aiming to be a clean and modern POSIX implementation. It is a hobbyist operating system written from scratch with its own base system, including kernel and standard library, as well as ports of third party software. It has a straightforward installer and can be developed under itself. Releases come with the source code in /src, ready for tinkering.

It has been in development since 2011 by a single developer and contributors. Though the system is stable and capable right now, it is still early in development, and a number of crucial features haven't been made yet. Releases are made yearly and future releases will add features such as networking, SMP, and USB that were skipped in favor of becoming self-hosting now.

Documentation
-------------

The system is documented as manual pages. Introductory system usage is covered in the user-guide(7) manual page.

Links
-----

For more information, please visit the official website:

https://sortix.org/

Building Sortix
---------------

Development of Sortix under itself is covered in development(7). Development from another operating system is covered in cross-development(7). You can view the cross-development(7) manual page with this command:

    man share/man/man7/cross-development.7

License
-------

Copyright 2011-2016 Jonas 'Sortie' Termansen and contributors.

Sortix is free software licensed under the ISC license as described in the LICENSE file. It also contains permissively licensed code from other projects.