STACKLEAK is a Linux kernel security feature initially developed by Grsecurity/PaX. I'm working on introducing STACKLEAK into the Linux kernel mainline. This article describes the inner workings of this security feature and why the vanilla kernel needs it.
In short, STACKLEAK is needed because it mitigates several types of Linux kernel vulnerabilities, by:
- Reducing the information that can be revealed to an attacker by kernel stack leak bugs,
- Blocking some uninitialized stack variable attacks,
- Detecting kernel stack overflow during a Stack Clash attack against the Linux kernel.
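To make the first two points concrete, here is a toy model added for this article (it is not STACKLEAK's code): a simulated downward-growing kernel stack, one "syscall" that leaves a secret in its frame, a second whose uninitialised local is copied out, and an erase step that, like STACKLEAK at syscall exit, poisons the region between the deepest point the stack reached and the current stack pointer. The stack size, poison byte, secret and function names are constructed for this example.

```c
#include <stdint.h>
#include <string.h>

/* Constructed toy model; these values are the example's own, not the kernel's. */
#define STACK_SIZE 64
#define POISON 0xCCu
#define SECRET "secretkey0123456" /* 16 bytes */

static uint8_t kstack[STACK_SIZE];
static size_t sp = STACK_SIZE;        /* stack pointer as an offset; grows down */
static size_t lowest_sp = STACK_SIZE; /* deepest point reached since the last erase */

static void push_frame(size_t n) { sp -= n; if (sp < lowest_sp) lowest_sp = sp; }
static void pop_frame(size_t n) { sp += n; }

/* "Syscall" A: puts a secret in a local buffer and returns without clearing it. */
static void syscall_a(void) {
    push_frame(16);
    memcpy(&kstack[sp], SECRET, 16);
    pop_frame(16);
}

/* "Syscall" B: its local is never initialised, yet gets copied out to userspace. */
static void syscall_b(uint8_t out[16]) {
    push_frame(16);
    memcpy(out, &kstack[sp], 16); /* stale bytes from whoever used this frame last */
    pop_frame(16);
}

/* STACKLEAK-style erase at syscall exit: poison everything between the deepest
 * point the stack reached and the current pointer, then reset the tracker. */
static void erase_stack(void) {
    memset(&kstack[lowest_sp], POISON, sp - lowest_sp);
    lowest_sp = sp;
}

/* Returns 1 if syscall_b leaked syscall_a's secret, 0 otherwise. */
int leak_without_erase(void) {
    uint8_t out[16];
    syscall_a();
    syscall_b(out);
    return memcmp(out, SECRET, 16) == 0;
}

int leak_with_erase(void) {
    uint8_t out[16];
    syscall_a();
    erase_stack();
    syscall_b(out);
    return memcmp(out, SECRET, 16) == 0;
}
```

Without the erase, syscall_b hands the previous syscall's secret to userspace; with it, the uninitialised local only ever sees the poison byte.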
This security feature fits the mission of the Kernel Self Protection Project (KSPP): security is more than just fixing bugs. Fixing absolutely all bugs is impossible, which is why the Linux kernel has to fail safely in case of an error or vulnerability exploitation. More details about KSPP are available on its wiki.
STACKLEAK was initially developed by the PaX Team, known as PAX_MEMORY_STACKLEAK in the Grsecurity/PaX patch. But this patch is no longer freely available to the Linux kernel community. So I took its last public version for the 4.9 kernel (April 2017) and got to work. The plan has been as follows:
- First extract STACKLEAK from the Grsecurity/PaX patch.
- Then carefully study the code and create a new patch.
- Send the result to the Linux kernel mailing list (LKML), get feedback, make improvements, and repeat until the code is accepted into the mainline.
As of October 9, 2018, the 15th version of the STACKLEAK patch series has been submitted. It contains the common code and x86_64/x86_32 support. The arm64 support developed by Laura Abbott from Red Hat has already been merged into mainline kernel v4.19.