-
CONFIG_STACK_POINTER_RANDOM¶
Initial stack pointer randomization bounds
Type: int
Help¶
This option performs a limited form of Address Space Layout Randomization by offsetting some random value to a thread’s initial stack pointer upon creation. This hinders some types of security attacks by making the location of any given stack frame non-deterministic.
This feature can waste up to the specified size in bytes the stack region, which is carved out of the total size of the stack region. A reasonable minimum value would be around 100 bytes if this can be spared.
This is currently only implemented for systems whose stack pointers grow towards lower memory addresses.
Defaults¶
- 0 if !
STACK_GROWS_UP
Kconfig definition¶
At kernel/Kconfig:657
Included via Kconfig:10 → Kconfig.zephyr:31
Menu path: (top menu) → General Kernel Options → Security Options
config STACK_POINTER_RANDOM
int
prompt "Initial stack pointer randomization bounds" if !STACK_GROWS_UP
default 0 if !STACK_GROWS_UP
depends on !STACK_GROWS_UP
help
This option performs a limited form of Address Space Layout
Randomization by offsetting some random value to a thread's
initial stack pointer upon creation. This hinders some types of
security attacks by making the location of any given stack frame
non-deterministic.
This feature can waste up to the specified size in bytes the stack
region, which is carved out of the total size of the stack region.
A reasonable minimum value would be around 100 bytes if this can
be spared.
This is currently only implemented for systems whose stack pointers
grow towards lower memory addresses.
(Definitions include propagated dependencies, including from if’s and menus.)