STACKLEAK Security Added to Linux 4.19 Kernel to Prevent Stack Attacks

A few days ago we covered Enhanced IBRS as mitigation against Spectre attacks being added to Linux 4.19 kernel, and now we just found out that another security hardening measure, known as STACKLEAK, is being added to the Linux 4.19 kernel as well.

What STACKLEAK does is wipe out the kernel stack before returning from system calls. So by clearing the kernel stack, it can effectively reduce potential leakage and then block some possible attack vectors – which includes stack clash attacks, and uninitialized stack variable attacks. This STACKLEAK feature is being ported to the mainline Linux kernel from an old code state from GrSecurity/PaX kernel code from when those patches were available for public download.

This patch work should also have a STACKLEAK plug-in for GCC (which has Speculation Tracking against Spectre V1 in the GCC 9.0 Compiler as we covered a few days ago) – this STACKLEAK plug-in for GCC is used for tracking the kernel stack’s lowest border, and will ensure alloca() calls will not cause stack overflows.

Kamil Anwar
Kamil is a certified MCITP, CCNA (W), CCNA (S) and a former British Computer Society Member with over 9 years of experience Configuring, Deploying and Managing Switches, Firewalls and Domain Controllers also an old-school still active on FreeNode.