Secure Lazy Binding | Slide #29
only permit the kbind() syscall from one address
  struct process has a caddr_t ps_kbind_addr
    copied on fork(), zeroed on execve()
  kbind() extracts the caller's return address from the syscall trap frame
    if ps_kbind_addr is zero, this is the first call, so record that address
    otherwise, if the two addresses don't match, the process is killed with sigexit(SIGILL)
  if called with NULL parameters ("change nothing"), ps_kbind_addr is set to an impossible address, so no later call can ever match
    C startup code for static executables can use that to disable kbind() for them
the dynamic linker has the syscall as inline asm and is built with -fstack-protector
  if you jump into the middle of _dl_bind() to get to the syscall, the stack protector will catch you on return
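The following is an added stand-alone model of the per-process check the slide describes; it is not OpenBSD's sys_kbind() or any code from the talk. The field name ps_kbind_addr and the fork()/execve() behaviour come from the slide; the function names (model_kbind, model_fork, model_execve), the result enum, and the value chosen for the "impossible address" (KBIND_DISABLED_ADDR) are assumptions made for illustration. Instead of killing the process, the model returns a result code so the policy can be exercised from user space.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Model of the per-process state on the slide. OpenBSD's struct process
 * carries a caddr_t ps_kbind_addr; here it is a plain integer address.
 * 0 means "no kbind() call seen yet". */
struct proc_model {
    uintptr_t ps_kbind_addr;
};

/* Placeholder for the slide's "impossible address": a value no real return
 * address can equal. The real kernel value is not given on the slide. */
#define KBIND_DISABLED_ADDR ((uintptr_t)-1)

enum kbind_result {
    KBIND_OK,           /* call accepted */
    KBIND_KILL_SIGILL   /* kernel would sigexit(SIGILL) here */
};

/* fork(): the child inherits the recorded address. */
void model_fork(const struct proc_model *parent, struct proc_model *child)
{
    child->ps_kbind_addr = parent->ps_kbind_addr;
}

/* execve(): the new image starts with no recorded address. */
void model_execve(struct proc_model *p)
{
    p->ps_kbind_addr = 0;
}

/* caller_pc models the return address pulled from the syscall trap frame;
 * params == NULL models the "change nothing" call. */
enum kbind_result model_kbind(struct proc_model *p, uintptr_t caller_pc,
                              const void *params)
{
    if (p->ps_kbind_addr == 0) {
        /* First call from this image: remember who is allowed. */
        p->ps_kbind_addr = caller_pc;
    } else if (p->ps_kbind_addr != caller_pc) {
        /* Any other caller (including any caller once disabled). */
        return KBIND_KILL_SIGILL;
    }

    if (params == NULL) {
        /* "Change nothing": lock kbind() out for the rest of this image. */
        p->ps_kbind_addr = KBIND_DISABLED_ADDR;
    }
    return KBIND_OK;
}

/* Walks the scenario from the slide and returns how many calls were
 * accepted, so the sequence can be checked without inspecting output. */
int model_scenario(void)
{
    /* Constructed addresses standing in for ld.so's syscall site and
     * for some other code location. */
    const uintptr_t ldso_pc = 0x1000, other_pc = 0x2000;
    int dummy = 0, accepted = 0;
    struct proc_model parent = { 0 }, child;

    accepted += model_kbind(&parent, ldso_pc, &dummy) == KBIND_OK;  /* first call sets */
    accepted += model_kbind(&parent, ldso_pc, &dummy) == KBIND_OK;  /* same site: ok */
    accepted += model_kbind(&parent, other_pc, &dummy) == KBIND_OK; /* mismatch: SIGILL */

    model_fork(&parent, &child);
    accepted += model_kbind(&child, ldso_pc, &dummy) == KBIND_OK;   /* inherited: ok */

    model_execve(&child);
    accepted += model_kbind(&child, other_pc, &dummy) == KBIND_OK;  /* fresh image: new site */

    accepted += model_kbind(&child, other_pc, NULL) == KBIND_OK;    /* disable */
    accepted += model_kbind(&child, other_pc, &dummy) == KBIND_OK;  /* now rejected */
    return accepted;
}

int main(void)
{
    printf("accepted kbind() calls in scenario: %d (expected 5)\n",
           model_scenario());
    return 0;
}
```

The ordering matters: the address check runs before the NULL-parameter case, so once a process has been disabled the recorded value can never equal a real caller and every further call is rejected, which is what lets static C startup code turn kbind() off for good.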
EuroBSDCon 2014 | Copyright © 2014 Philip Guenther