Show Your Support: This site is primarily supported by advertisements. Ads are what have allowed this site to be maintained on a daily basis for the past 18+ years. We do our best to ensure only clean, relevant ads are shown, when any nasty ads are detected, we work to remove them ASAP. If you would like to view the site without ads while still supporting our work, please consider our ad-free Phoronix Premium.
Linux 4.19 Kernel Getting STACKLEAK Feature
Kees Cook of Google queued STACKLEAK into one of his feature branches that will be sent in for the upcoming Linux 4.19 kernel.
STACKLEAK wipes out the kernel stack before returning from system calls. By clearing the kernel stack, it reduces possible leakage and can block some possible attack vectors, including stack clash attacks and uninitialized stack variable attacks. This STACKLEAK feature was ported to the mainline Linux kernel from an old code state of the GrSecurity/PaX kernel code back when those patches were public.
As part of the patch work is also the STACKLEAK plug-in for GCC that is used for tracking the kernel stack's lowest border and ensuring alloca() calls don't cause stack overflows.
This STACKLEAK mainlining work was spearheaded by Alexander Popov, a Russian Linux security researcher.