(Even more) Aggressive randomisation of stack location

source link: http://www.undeadly.org/cgi?action=article%3Bsid%3D20230319230523
OpenBSD Journal

Contributed by rueda on 2023-03-19 from the bonus-gifts dept.

In a late-stage addition prior to the release of OpenBSD 7.3, Mark Kettenis (kettenis@) has committed [more] aggressive randomisation of the stack location for all 64-bit architectures except alpha:

CVSROOT:	/cvs
Module name:	src
Changes by:	[email protected]	2023/03/19 14:32:13

Modified files:
	sys/kern       : exec_subr.c 
	sys/arch/amd64/include: vmparam.h 
	sys/arch/arm64/include: vmparam.h 
	sys/arch/mips64/include: vmparam.h 
	sys/arch/powerpc64/include: vmparam.h 
	sys/arch/riscv64/include: vmparam.h 
	sys/arch/sparc64/include: vmparam.h 

Log message:
Aggressively randomize the location of the stack on all 64-bit architectures
except alpha.  This will put the stack at a random location in the upper
1/4th of the userland virtual address space providing up to 26 additional
bits of randomness in the address.  Skip alpha for now since it currently
puts the stack at a (for a 64-bit architecture) very low address.  Skip
32-bit architectures for now as well since those have a much smaller
virtual address space and we need more time to figure out what a safe
amount of extra randomizations is.  These architectures will continue to
use a mildly randomized stack address through the existing stackgap random
mechanism.  We will revisit this after 7.3 is released.

This should make it harder for an attacker to find the stack.

ok deraadt@, miod@
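
One way to observe the effect described in the log message on a running system, as an added example (not code from the article or from the OpenBSD source tree): the program prints the address of a stack variable, and in a second mode reports which address bits changed across a set of such samples. The names `varying_mask`, `count_bits` and the `analyse` argument are made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SAMPLES 4096

/* OR of the differences against the first sample: a set bit means that
 * address bit was seen to change between executions. */
uint64_t varying_mask(const uint64_t *addrs, size_t n)
{
	uint64_t mask = 0;
	for (size_t i = 1; i < n; i++)
		mask |= addrs[0] ^ addrs[i];
	return mask;
}

/* Number of set bits. A rough indicator only: n samples cannot
 * demonstrate more than log2(n) bits of real entropy. */
int count_bits(uint64_t v)
{
	int c = 0;
	for (; v != 0; v &= v - 1)
		c++;
	return c;
}

int main(int argc, char **argv)
{
	static uint64_t addrs[MAX_SAMPLES];
	unsigned long long a = 0;
	size_t n = 0;

	if (argc < 2 || strcmp(argv[1], "analyse") != 0) {
		/* Sample mode: report where a local variable (the stack) lives. */
		printf("%llx\n", (unsigned long long)(uintptr_t)&a);
		return 0;
	}
	/* Analyse mode: read one hex address per line from stdin. */
	while (n < MAX_SAMPLES && scanf("%llx", &a) == 1)
		addrs[n++] = a;
	if (n < 2)
		return 1;
	uint64_t mask = varying_mask(addrs, n);
	printf("%zu samples, %d varying bits (mask 0x%016llx)\n",
	    n, count_bits(mask), (unsigned long long)mask);
	return 0;
}
```

Run the program without arguments a few dozen times, collect the printed lines in a file, and feed that file to the same binary with the `analyse` argument. Comparing the result on kernels from before and after this commit shows how many more address bits vary.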
