[Ksummit-discuss] [TECH TOPIC] Kernel Hardening

Thomas Gleixner tglx at linutronix.de
Mon Aug 24 18:59:34 UTC 2015


On Mon, 24 Aug 2015, Thomas Gleixner wrote:
> On Mon, 24 Aug 2015, Kees Cook wrote:
> > On Mon, Aug 24, 2015 at 4:56 AM, James Morris <jmorris at namei.org> wrote:
> > This is far from a comprehensive list, though. The biggest value, I
> > think, would be in using KERNEXEC, UDEREF, USERCOPY, and the plugins
> > for constification and integer overflow.
> 
> There is another aspect. We need to make developers more aware of the
> potential attack issues. I learned my lesson with the futex disaster
> and since then I certainly look with a different set of eyes at user
> space facing code. I doubt that we want that everyone experiences the
> disaster himself (though that's a very enlightening experience), but
> we should try to document incidents and the lessons learned from
> them. Right now we just rely on those who are deep into the security
> realm or the few people who learned it the hard way.

A good way to start would be to actually force developers to document
meticulously the possible states of user space variable(s) which
influence the behaviour of the interface. That can be a mindboggling
exercise depending on the complexity of the interface, but it helps
both the implementer and the reviewer.

Thanks,

	tglx

