Today, I finished the Stack Clash mitigations in #HardenedBSD.
Here are the highlights:
1. Default 2MB guard between the bottom-most part of the stack and other memory mappings.
2. Plug the hole that makes the guard ineffective.
3. Disallow applications from requesting or being granted memory mappings within the bottom-most limit of the stack and the top of the stack.
@liate Because implementing ASLR in #FreeBSD was Oliver's thesis research project and one of my personal goals. Out of the difficulties (and eventual failure) of upstreaming ASLR to FreeBSD was HardenedBSD born.
One last #StackClash mitigation commit in #HardenedBSD: https://github.com/HardenedBSD/hardenedBSD/commit/00ad1fb6b53f63d6e9ba539b8f251b5cf4d40261
This, in conjunction with the hardened stack guard, should fully mitigate Stack Clash in HardenedBSD.
#FreeBSD would like to celebrate "National FreeBSD Day" with its stack guard page disabled: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
#HardenedBSD has it enabled by default.