[Ksummit-discuss] [TECH TOPIC] Kernel Hardening

Andy Lutomirski luto at amacapital.net
Mon Aug 24 23:13:19 UTC 2015


On Mon, Aug 24, 2015 at 3:55 PM, Kees Cook <keescook at chromium.org> wrote:
> On Mon, Aug 24, 2015 at 1:09 PM, James Bottomley
> <James.Bottomley at hansenpartnership.com> wrote:
>> On Mon, 2015-08-24 at 09:35 -0700, Kees Cook wrote:
>>> The hardening the kernel needs is about taking away exploitation tools,
>>> not killing bugs. (Though killing bugs is still great.)
>>
>> It's both.  One of the old standards for attacking C code was buffer
>> overruns.  Remove those via detection tools and you reduce the attack
>> surface.
>
> Well, attack surface is just what interfaces are exposed to an
> attacker. But yes, killing bug classes is important. Making bugs
> unexploitable is even better because then security bugs really do just
> become bugs.

There are plenty of cases where mitigation of an exploit technique
class changes a family of bugs from privilege escalation to DoS, and
that's a big deal.  For example, min mmap addresses mostly turn
NULL-pointer dereferences into DoS.  SMAP (and, to a lesser extent,
UDEREF) turns "upside-down" gsbase (a lovely x86ism that's involved in
the BadIRET privesc and quite a few others) into just DoS.

These aren't cases where it's a PITA for an attacker to get more than
DoS -- these are cases where the mitigations really do prevent
privilege escalation completely because they kick in before the
attacker gets to control a value that's used for anything.

--Andy
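The first of Andy's two examples (mmap_min_addr turning a kernel NULL-pointer dereference into a crash rather than a privilege escalation) can be shown concretely from user space. The program below is an added illustration, not code from this thread or from the kernel: the vulnerable kernel path is modelled by a constructed `dispatch()` that calls through an `ops` table without a NULL check, `attacker_payload()` stands in for whatever the attacker would run in kernel context, and `map_page_zero()` does what a real exploit's first step does, namely try to own the page at address 0 so that the "NULL" structure and its function pointer are attacker-supplied. Whether that step succeeds is decided by the real `vm.mmap_min_addr` sysctl on the machine you run it on, which is also the setting a practitioner should check (`sysctl vm.mmap_min_addr`; the common default is 65536, and only a process with CAP_SYS_RAWIO can map below it).

```c
/* Added example, not from the mailing-list thread or the kernel tree.
 * Models the bug class Andy describes: a kernel path dereferencing a NULL
 * pointer and calling through it. With vm.mmap_min_addr = 0 the attacker
 * owns page 0, so the "NULL" struct and its function pointer are theirs;
 * with the default 65536 the mmap fails and the same bug is just an oops. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Stand-in for a kernel ops table (file_operations, proto_ops, ...). */
struct ops {
    int (*handler)(void);
};

/* Constructed bug: the NULL check on 'o' is missing. */
static int dispatch(const struct ops *o)
{
    return o->handler();
}

/* What the attacker wants executed in kernel context. A real exploit
 * would use something like commit_creds(prepare_kernel_cred(0)); here
 * the payload only returns a marker so the outcome can be checked. */
static int attacker_payload(void)
{
    return 0x1337;
}

/* Parse a sysctl value as read from procfs. Returns -1 on garbage. */
static long parse_min_addr(const char *s)
{
    char *end;
    long v = strtol(s, &end, 10);
    return (end == s) ? -1 : v;
}

/* Read vm.mmap_min_addr; -1 if procfs is not available. */
static long read_mmap_min_addr(void)
{
    char buf[32] = {0};
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    if (!f)
        return -1;
    if (!fgets(buf, sizeof buf, f)) {
        fclose(f);
        return -1;
    }
    fclose(f);
    return parse_min_addr(buf);
}

/* Step 1 of the attack: try to map the page at address 0.
 * Returns 1 if the kernel allowed it, 0 if mmap_min_addr refused (EPERM). */
static int map_page_zero(void)
{
    void *p = mmap((void *)0, 4096, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    return p != MAP_FAILED;
}

/* The whole attack against the constructed bug. Returns the payload's
 * marker (0x1337) if the NULL dereference became attacker-controlled
 * execution, or 0 if the mitigation held (in which case calling
 * dispatch(NULL) would only have faulted, i.e. DoS, so we do not call it). */
static int exploit_null_deref(void)
{
    /* Load the null address from a volatile so the compiler cannot see a
     * literal NULL dereference and delete it as undefined behaviour. */
    volatile uintptr_t zero = 0;

    if (!map_page_zero())
        return 0;

    struct ops *fake = (struct ops *)zero;   /* page 0 is now ours */
    fake->handler = attacker_payload;        /* forge the ops table  */
    return dispatch((const struct ops *)zero); /* the buggy call     */
}

int main(void)
{
    printf("vm.mmap_min_addr = %ld, euid = %d\n",
           read_mmap_min_addr(), (int)geteuid());
    if (exploit_null_deref() == 0x1337)
        puts("page 0 mapped: NULL deref calls attacker code (privesc class)");
    else
        puts("page 0 refused: same bug is at most a crash (DoS class)");
    return 0;
}
```

Run it as an unprivileged user with the default sysctl and the mmap fails, so the only thing the bug could do is crash the process it lives in; set `vm.mmap_min_addr=0` (or run with CAP_SYS_RAWIO) and the identical `dispatch()` bug hands control to `attacker_payload`. That is the point of the post: the mitigation fires before the attacker ever gets a value of theirs into the dereference, so it removes the escalation outright rather than making it inconvenient.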

