Stack-register Checking
from OpenBSD Journal (#3HSSV)
Recently, Theo de Raadt (deraadt@) described a new type of mitigation he has been working on together with Stefan Kempf (stefan@):
How about we add another new permission! This is not a hardware permission, but a software permission. It is opportunistically enforced by the kernel.

The permission is MAP_STACK. If you want to use memory as a stack, you must mmap it with that flag bit. The kernel does so automatically for the stack region of a process's stack. Two other types of stack occur: thread stacks, and alternate signal stacks. Those are handled in clever ways.

When a system call happens, we check if the stack-pointer register points to such a page. If it doesn't, the program is killed. We have tightened the ABI. You may no longer point your stack register at non-stack memory. You'll be killed. This checking code is MI, so it works for all platforms.

For more detail, see Theo's original message.
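
For code that allocates its own stack memory, the rule quoted above means requesting that memory with MAP_STACK. The following is an added example, not code from Theo's message or from OpenBSD: it maps a region with MAP_STACK, runs a signal handler on it, and confirms the handler's stack frame lies inside that mapping. The names `ALT_STACK_SIZE`, `on_usr1` and `handler_runs_on_map_stack` are made up for the illustration, and it assumes a POSIX system whose `<sys/mman.h>` defines MAP_STACK. The alternate signal stack is used only as a simple way to execute on program-allocated stack memory.

```c
#define _DEFAULT_SOURCE               /* exposes MAP_ANON / MAP_STACK on glibc */
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>

#define ALT_STACK_SIZE (64 * 1024)    /* constructed size for this example */
static volatile uintptr_t seen_sp;    /* address of a handler-local variable */

static void on_usr1(int sig)
{
    int marker = sig;                 /* lives on the stack the handler runs on */
    seen_sp = (uintptr_t)&marker;
}

/* 1: handler ran inside the MAP_STACK mapping, 0: elsewhere, -1: setup failed. */
int handler_runs_on_map_stack(void)
{
    int rc = -1;
    /* Memory that will hold a stack is requested as stack memory, read/write only. */
    void *base = mmap(NULL, ALT_STACK_SIZE, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANON | MAP_STACK, -1, 0);
    if (base == MAP_FAILED)
        return -1;

    stack_t ss = { .ss_sp = base, .ss_size = ALT_STACK_SIZE }, old_ss;
    struct sigaction sa = { .sa_flags = SA_ONSTACK }, old_sa;
    sa.sa_handler = on_usr1;          /* SA_ONSTACK: deliver on the alternate stack */
    sigemptyset(&sa.sa_mask);

    if (sigaltstack(&ss, &old_ss) == 0) {
        if (sigaction(SIGUSR1, &sa, &old_sa) == 0) {
            seen_sp = 0;
            raise(SIGUSR1);           /* handler has run once raise() returns */
            sigaction(SIGUSR1, &old_sa, NULL);
            rc = seen_sp >= (uintptr_t)base &&
                 seen_sp < (uintptr_t)base + ALT_STACK_SIZE;
        }
        sigaltstack(&old_ss, NULL);   /* detach before the mapping goes away */
    }
    munmap(base, ALT_STACK_SIZE);
    return rc;
}

int main(void)
{
    printf("handler on MAP_STACK memory: %d\n", handler_runs_on_map_stack());
    return 0;
}
```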