[Ksummit-discuss] [TECH TOPIC] Kernel Hardening
Kees Cook
keescook at chromium.org
Tue Aug 25 16:15:33 UTC 2015
On Tue, Aug 25, 2015 at 8:15 AM, Shuah Khan <shuahkhan at gmail.com> wrote:
> On Mon, Aug 24, 2015 at 10:35 AM, Kees Cook <keescook at chromium.org> wrote:
>> As an example, making the kernel code memory read-only means an
>> attacker cannot just directly change the kernel's execution path when
>> they use an arbitrary memory-writing flaw. (This feature is mostly
>> enabled via CONFIG_DEBUG_RODATA, and was very recently added to ARM,
>> though isn't at 100% coverage for all the physical memory aliases.)
>>
>
> This sounds similar to ExecShield (NX bit) on Intel. Yes this is a good example.
Yup! That's exactly the NX bit (or other architecture equivalent). The
trouble tends to be around correctly setting up the kernel memory maps
to actually split up regions and mark the permissions correctly, and
make sure nothing was depending on the side-effects of the old
permissions.
-Kees
--
Kees Cook
Chrome OS Security
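
An added example, not part of the message above and not kernel code: a small checker for the permission split the thread describes, which scans a page-table dump and totals the ranges left both writable and executable. The dump text is constructed, its column layout (`RW`/`ro`, `x`/`NX`) is assumed to follow the x86 ptdump style, and `parse_line` and `wx_bytes` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
struct region { unsigned long long start, end; int writable, executable; };

/* Constructed sample; column layout assumed to follow x86 ptdump output. */
static const char SAMPLE[] =
    "---[ High Kernel Mapping ]---\n"
    "0xffffffff80000000-0xffffffff81000000  16M                    pmd\n"
    "0xffffffff81000000-0xffffffff81a00000  10M  ro  PSE  GLB  x   pmd\n"
    "0xffffffff81a00000-0xffffffff81e00000   4M  ro  PSE  GLB  NX  pmd\n"
    "0xffffffff81e00000-0xffffffff82000000   2M  RW  PSE  GLB  x   pmd\n"
    "0xffffffff82000000-0xffffffff82400000   4M  RW  PSE  GLB  NX  pmd\n";

/* Parse one dump line; return 1 only for a mapped range (has "ro" or "RW"). */
int parse_line(const char *line, struct region *r)
{
    char flags[128] = "", *tok;
    int mapped = 0;
    if (sscanf(line, "%llx-%llx %*s %127[^\n]", &r->start, &r->end, flags) < 2)
        return 0;                     /* section header or malformed line */
    r->writable = 0;
    r->executable = 1;                /* executable unless NX is present */
    for (tok = strtok(flags, " \t"); tok; tok = strtok(NULL, " \t")) {
        if (!strcmp(tok, "RW")) r->writable = mapped = 1;
        else if (!strcmp(tok, "ro")) mapped = 1;
        else if (!strcmp(tok, "NX")) r->executable = 0;
    }
    return mapped;
}

/* Total size of ranges that are both writable and executable (0 means none). */
unsigned long long wx_bytes(const char *dump)
{
    unsigned long long total = 0;
    char line[256];
    for (; *dump; dump += strcspn(dump, "\n"), dump += (*dump == '\n')) {
        struct region r;
        snprintf(line, sizeof(line), "%.*s", (int)strcspn(dump, "\n"), dump);
        if (parse_line(line, &r) && r.writable && r.executable)
            total += r.end - r.start;
    }
    return total;
}

int main(void)
{
    unsigned long long bytes = wx_bytes(SAMPLE);
    printf("writable+executable: %llu KiB\n", bytes >> 10);
    return bytes != 0;                /* non-zero exit when W+X is found */
}
```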