...
Stack clash mitigations are a soft requirement for distributions such as Fedora and a hard requirement for Red Hat Enterprise Linux.
Work has not started yet, but will likely start before the end of the summer.
Stakeholders/Partners
RISE:
Ventana: Raphael Zinsly – lead developer
Ventana: Jeff Law – design/implementation review
External:
Dependencies
- There is a minor dependency on wording in PSABI for an extreme corner case. Essentially, PSABI will need to spell out certain requirements for callers that the callee can depend on to implement efficient stack clash mitigation. This is a technical ABI change, but it is expected that all binaries in the wild would satisfy the new ABI requirements as-is without a rebuild.
Status
Updates
- The stack-clash implementation bootstraps when on by default
- It appears that the implementation works correctly for the smoke test (realpath in glibc)
- GCC's testsuite for stack clash is passing at this point
- Building scanning tools to help identify vulnerable code and verify that the implementation closes the vulnerability
- Upstreaming plan: late spring, shortly after gcc-15 opens for development
- Project reported as priority for 1H2024.
...