Enhancing security of the kernel stack for mitigating arbitrary execution in the kernel

Abstract

The Linux kernel stack has only limited space and shared by numerous threads. This feature was exploited by an attacker over 10 years, but any patch is done for resolving this issue. One of the vulnerability stems from this feature is Use-before-initialization (UBI) bug. UBI is a common type of memory error in which variables are declared and read from without being initialized beforehand. Exploiting such a vulnerability could allow the attacker to modify the control flow, or peek into sensitive memory values via information leak. However, even with its potential to compromise a program as crucial as Linux Kernel, UBI vulnerabilities rarely get attention compared to Use-After-Free vulnerabilities. Furthermore, current full memory-safety implements do not consider UBI vulnerabilities, lead to exposing a new attack path via CVE-2010-2963. Lu et al.[7] proposes UBI defenses as an extensive analysis of the source code but it causes a detrimental effect on the performance. This thesis presents StackCleaner, a stack sanitizer for mitigating the UBI vulnerability. StackCleaner minimizes the exploitability of a UBI vulnerability via initializing only used stack area by a system call, resulting in an uninitialized variable not be crafted by the attackers with rigged function calls. The prototype of StackCleaner is implemented for system calls in x86-64 Linux, and tried to boot using instrumented the Kernel image. The proposed mitigation, StackCleaner shows a few running overheads and does not harm the normal routine of the kernel, proving a few side effects.