On Mon, Jul 29, 2019 at 11:41:11AM +0000, Reshetova, Elena wrote:
> I want to summarize here the data (including the performance numbers)
> and reasoning for the in-stack randomization feature. I have organized
> it in a simple set of Q&A below.

Thanks for these!

> The in-stack randomization is really a very small change, both code-wise and
> logic-wise.
> It does not affect real workloads and does not require enablement of other
> features (such as GCC plugins).
> So, I think we should really reconsider its inclusion.

I'd agree: the code is tiny, and while the benefit can't point to a specific
issue, it does point to the general weakness of the stack offset being
predictable, which has been a core observation for many stack-based attacks.

If we're going to save state between syscalls (like the 4096 random bytes
pool), how about instead we just use a single per-CPU long mixed with rdtsc
saved at syscall exit? That should be a reasonable balance between all the
considerations and make it trivial for the feature to be a boot flag without
the extra page of storage, etc.

-- 
Kees Cook
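The following is an added, user-space illustration of the scheme Kees sketches above (one saved per-CPU word, re-mixed with a fresh rdtsc sample at syscall exit, reduced to a small aligned offset and consumed from the stack at syscall entry). It is not code from this thread or from the kernel: the array standing in for a per-CPU variable, the multiply-xor mixer, the 10-bit offset window, the 16-byte alignment and every function name here are assumptions chosen for the demonstration, and the "syscalls" are ordinary function calls whose frame addresses are printed so the shift can be observed.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Assumption: a flat array stands in for a per-CPU variable (one slot per
 * simulated CPU). This is illustration code, not the kernel's implementation. */
#define NR_CPUS 4
static uint64_t kstack_offset_state[NR_CPUS];

/* Time-stamp counter sample. On x86 use the real rdtsc; elsewhere fall back
 * to a nanosecond clock so the example still runs. */
static uint64_t read_tsc(void)
{
#if defined(__x86_64__) || defined(__i386__)
    return __builtin_ia32_rdtsc();
#else
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;
#endif
}

/* Mixer (assumption): xor the new sample into the saved word and multiply by
 * an odd constant so every input bit influences the low bits we later use. */
static inline uint64_t mix_kstack_offset(uint64_t saved, uint64_t tsc)
{
    return (saved ^ tsc) * 0x9E3779B97F4A7C15ULL;
}

/* "Syscall exit": fold a fresh tsc sample into this CPU's saved word. The
 * word persists between syscalls, so the next entry's offset depends on the
 * whole history of samples, not just the latest one. */
void choose_random_kstack_offset(int cpu, uint64_t tsc)
{
    kstack_offset_state[cpu] = mix_kstack_offset(kstack_offset_state[cpu], tsc);
}

uint64_t kstack_offset_saved(int cpu)
{
    return kstack_offset_state[cpu];
}

/* Reduce the saved word to the bytes actually consumed: 10 bits bound the
 * extra stack usage to under 1 KiB, and clearing the low 4 bits keeps the
 * stack 16-byte aligned for the ABI. Both limits are assumptions here. */
uint32_t kstack_offset_bytes(uint64_t state)
{
    return (uint32_t)(state & 0x3FF) & ~0xFu;
}

/* Stand-in for a syscall handler: returns the address of one of its own
 * locals so the caller can see where its frame landed. */
__attribute__((noinline)) static uintptr_t syscall_body(void)
{
    volatile char frame_marker = 0;
    return (uintptr_t)&frame_marker;
}

/* "Syscall entry": move the stack pointer by this CPU's current offset
 * before calling the handler, so the handler's frame is at a less
 * predictable address. Returns the handler's frame address. */
__attribute__((noinline)) uintptr_t syscall_entry(int cpu)
{
    uint32_t off = kstack_offset_bytes(kstack_offset_state[cpu]);
    volatile char *pad = __builtin_alloca(off);
    if (off)
        pad[off - 1] = 0;   /* touch the pad so it is not optimised away */
    return syscall_body();
}

int main(void)
{
    int cpu = 0;
    for (int i = 0; i < 5; i++) {
        uintptr_t frame = syscall_entry(cpu);
        printf("syscall %d: offset %4u bytes, handler frame at %p\n",
               i, kstack_offset_bytes(kstack_offset_saved(cpu)), (void *)frame);
        choose_random_kstack_offset(cpu, read_tsc());   /* exit path */
    }
    return 0;
}
```

Running the block prints a different offset and handler frame address on successive calls while the first call, whose saved word is still zero, shows how a boot-time seed would be needed before the first syscall exit has mixed anything in. The state kept per CPU is one 64-bit word, which is the point of contrast with a 4096-byte pool.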