oss-sec mailing list archives
Re: Qualys Security Advisory - The Stack Clash
From: Daniel Micay <danielmicay () gmail com>
Date: Thu, 22 Jun 2017 02:00:52 -0400
Is it planned to have glibc use a larger 1M gap for secondary stacks rather than a single guard page? That would be a *lot* easier than it was to set it up for the main thread stack. It follows the main thread stack rlimit as a guideline so it seems to make sense to use the same guard region size too. If it ends up exposed as a sysctl, it could read the current value from there.

For the local setuid/setgid/setcap binary attack surface, the main thread stack is most relevant, but in general many cases of large stack frames that were found are called in threads other than the initial one. Secondary stacks are also mixed in with other mmap allocations rather than having a separate ASLR base and glibc doesn't do any secondary stack ASLR. IIRC, it does cache color the stacks but not randomly and I don't remember how much space it currently reserves for that.
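An added example, not part of the original post or of glibc's code: an application can request a larger guard region for the secondary threads it creates through `pthread_attr_setguardsize`, and check what the running thread actually got. The `GUARD_1M` constant and the function names are assumptions chosen to mirror the 1M gap discussed above.

```c
#include <pthread.h>
#include <stdio.h>

/* glibc extension; <pthread.h> declares it only under _GNU_SOURCE. */
int pthread_getattr_np(pthread_t thread, pthread_attr_t *attr);
#define GUARD_1M ((size_t)1 << 20) /* assumed value, mirrors the 1M gap */

/* Guard size a new thread gets when the caller sets nothing. */
size_t default_guard_size(void)
{
    pthread_attr_t attr;
    size_t guard = 0;
    pthread_attr_init(&attr);
    pthread_attr_getguardsize(&attr, &guard);
    pthread_attr_destroy(&attr);
    return guard;
}

/* Thread body: report the guard size recorded for the running thread. */
static void *report_guard(void *out)
{
    pthread_attr_t attr;
    if (pthread_getattr_np(pthread_self(), &attr) == 0) {
        pthread_attr_getguardsize(&attr, (size_t *)out);
        pthread_attr_destroy(&attr);
    }
    return NULL;
}

/* Start a secondary thread with the requested guard; return what it saw (0 on failure). */
size_t thread_guard_size(size_t requested)
{
    pthread_attr_t attr;
    pthread_t tid;
    size_t seen = 0;
    if (pthread_attr_init(&attr) != 0) return 0;
    if (pthread_attr_setguardsize(&attr, requested) == 0 &&
        pthread_create(&tid, &attr, report_guard, &seen) == 0)
        pthread_join(tid, NULL);
    pthread_attr_destroy(&attr);
    return seen;
}

int main(void)
{
    printf("default guard:   %zu bytes\n", default_guard_size());
    printf("requested guard: %zu bytes\n", thread_guard_size(GUARD_1M));
    return 0;
}
```

The guard size attribute only applies to stacks the library allocates itself; it is ignored when the caller supplies its own stack with `pthread_attr_setstack`.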