Re: [PATCH v2] sparc64: Add support for Application Data Integrity (ADI)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/08/2016 10:48 AM, James Morris wrote:
On 03/08/2016 06:54 AM, Andy Lutomirski wrote:

This makes sense, but I still think the design is poor.  If the hacker
gets code execution, then they can trivially brute force the ADI bits.


ADI in this scenario is intended to prevent the attacker from gaining
code execution in the first place.

Here's some more background from Enrico Perla (who literally wrote the book on kernel exploitation):

https://blogs.oracle.com/enrico/entry/hardening_allocators_with_adi

Probably the most significant advantage from a security point of view is the ability to eliminate an entire class of vulnerability: adjacent heap overflows, as discussed above, where, for example, adjacent heap objects are tagged differently. Classic linear buffer overflows can be eliminated.

As Kees Cook outlined at the 2015 kernel summit, it's best to mitigate classes of vulnerabilities rather than patch each instance:

https://outflux.net/slides/2011/defcon/kernel-exploitation.pdf

The Linux ADI implementation is currently very rudimentary, and we definitely welcome continued feedback from the community and ideas as it evolves.

- James

--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux