A canary for timer-expiration functions
Posted Aug 17, 2017 10:04 UTC (Thu) by epa (subscriber, #39769)
Parent article: A canary for timer-expiration functions
An uglier approach, but perhaps easier to transition to, is to make a big static array (in a piece of generated C code) containing the address of every function in the kernel. Then you replace function pointers with an index into this array. Now an attacker can jump to an arbitrary kernel function, but not to arbitrary addresses. A small refinement is to only store the needed functions in the array -- kernel functions which aren't currently referenced by function pointers don't need to appear.
Would it be possible to use sparse or another static analyser to automate converting function pointer code to this style?
In user space, could it have benefits too?
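
A minimal user-space sketch of the table-of-functions idea from the comment above, added here as an illustration; it is not code from the comment, the parent article, or the kernel. The names `toy_timer`, `fn_table`, `run_timer`, `timeout_a` and `timeout_b` are hypothetical, and the table is written by hand rather than generated.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical callbacks standing in for timer-expiration functions. */
static int fired_a, fired_b;
static void timeout_a(unsigned long data) { fired_a += (int)data; }
static void timeout_b(unsigned long data) { fired_b += (int)data; }

typedef void (*timer_fn)(unsigned long);

/* Writable objects store one of these indices, never an address. */
enum fn_id { FN_TIMEOUT_A, FN_TIMEOUT_B, FN_COUNT };

/* const table: lives in read-only data, so corrupting a timer object
 * cannot add new targets. Only functions actually needed are listed. */
static const timer_fn fn_table[FN_COUNT] = {
    [FN_TIMEOUT_A] = timeout_a,
    [FN_TIMEOUT_B] = timeout_b,
};

struct toy_timer {
    unsigned int fn;     /* index into fn_table */
    unsigned long data;  /* argument passed to the callback */
};

/* Dispatch through the table. Returns 0 on success, -1 when the index
 * does not name a table entry (for example after memory corruption). */
static int run_timer(const struct toy_timer *t)
{
    if (t->fn >= FN_COUNT || fn_table[t->fn] == NULL)
        return -1;
    fn_table[t->fn](t->data);
    return 0;
}

int main(void)
{
    struct toy_timer ok  = { FN_TIMEOUT_A, 1 };
    struct toy_timer bad = { 0x41414141u, 1 };  /* constructed corrupt index */

    printf("valid index:   %d\n", run_timer(&ok));
    printf("corrupt index: %d\n", run_timer(&bad));
    return 0;
}
```

An overwritten `fn` field can still select any entry in the table, which is the limitation the comment itself states; the bounds check only rules out targets outside it.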