kernel security anti patterns low hanging fruit
play

Kernel Security Anti-Patterns: Low Hanging Fruit - PowerPoint PPT Presentation

Aug 19, 2022 •149 likes •254 views

Kernel Security Anti-Patterns: Low Hanging Fruit http://outflux.net/slides/2013/lss/fruit.pdf gholzer Linux Security Summit, New Orleans 2013 Kees Cook <keescook@google.com> (pronounced Case) Overview Anti-pattern awareness

  1. Kernel Security Anti-Patterns: Low Hanging Fruit http://outflux.net/slides/2013/lss/fruit.pdf gholzer Linux Security Summit, New Orleans 2013 Kees Cook <keescook@google.com> (pronounced “Case”)

  2. Overview ● Anti-pattern awareness ● Finding anti-patterns ● Format strings ● String manipulation ● Double-reads ● USB ● Keeping anti-patterns fixed Low Hanging Fruit 2/10 Linux Security Summit 2013 May 21, 2013

  3. Anti-pattern Awareness ● Plenty of known general anti-patterns – Busy waiting, hard coding, … – http://en.wikipedia.org/wiki/Anti-pattern ● Security anti-patterns are less well known ● Document security anti-patterns for kernel? – We've got scripts/checkpatch.pl Low Hanging Fruit Linux Security Summit 2013

  4. Finding Anti-patterns ● Actually go look when you see something ugly – printk(buffer); – strncpy(destination, source, strlen(source)); – read, alloc, read again – complex parsing of binary structures (USB!) Low Hanging Fruit Linux Security Summit 2013

  5. Format strings ● printk(buffer); → printk(“%s”, buffer); ● Lots of stuff accidentally pass strings that are ultimately parsed as format strings – CVE-2013-2851 – CVE-2013-2852 ● Use gcc to help – -Wformat -Wformat-security -Werror=format-security – Dumb about const char * ● %n is dangerous with limited real utility Low Hanging Fruit Linux Security Summit 2013

  6. String manipulation ● strncpy(destination, source, strlen(source)); – Unlike snprintf, does not NULL terminate – Want to always end with NULL? strlcpy – Want to never end with NULL? memcpy – Regardless, check destination size – ISCSI unauth remote stack overflow CVE-2013-2850 ● Never used unchecked copy_from/to_user – Various graphics drivers – Always verify userspace reads (yay SMAP) Low Hanging Fruit Linux Security Summit 2013

  7. Double-reads struct something { unsigned int size; unsigned char data[]; }; unsigned int tmp, pos; struct something *kernel_data; copy_from_user( &tmp , user_data, sizeof(tmp) ); kernel_data = malloc( tmp ); copy_from_user( kernel_data , user_data, tmp ); for (pos = 0; pos < kernel_data->size ; pos++) { do_something(kernel_data->data[pos]); } Low Hanging Fruit Linux Security Summit 2013

  8. USB ● HID Report Descriptors – Mistakes are similar to double-read – 12 CVEs found in a week – Verification done with a Facedancer ● Future – Mass-storage – Webcam Low Hanging Fruit Linux Security Summit 2013

  9. Keeping Anti-patterns Fixed ● Remove dangerous functions or side effects – Remove %n again ● Strong gcc defaults – Future: gcc plugins from PaX ● Coccinelle – Tests can run from the tree: scripts/coccinelle/ ● Smatch – Show Dan Carpenter things to catch Low Hanging Fruit Linux Security Summit 2013

  10. Questions? http://outflux.net/slides/2013/lss/fruit.pdf keescook@{chromium.org,google.com} kees@outflux.net Low Hanging Fruit Linux Security Summit 2013

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IT Security Pick the Low Hanging Fruit First ! A little bit about me Degree in Computer

IT Security Pick the Low Hanging Fruit First ! A little bit about me Degree in Computer

Breakout Session Sept. 29 th , 2016 IT Security Pick the Low Hanging Fruit First ! A little bit about me Degree in Computer Science Began my professional IT career in 1982 at Dow Chemical Held technical engineering positions

309 views • 27 slides
Picking the Low- -Hanging Fruit: Hanging Fruit: Picking the Low Saving Money and Energy?

Picking the Low- -Hanging Fruit: Hanging Fruit: Picking the Low Saving Money and Energy?

Picking the Low- -Hanging Fruit: Hanging Fruit: Picking the Low Saving Money and Energy? Energy? Saving Money and Robert K. Kaufmann Disrupting the Status Quo in Electric Energy Management: A Systems Approach to a Sustainable Energy

500 views • 6 slides
patterns and anti-patterns m e a n s D E P E N D E N C I E S L I A B I L I T Y O P I N I O N AT

patterns and anti-patterns m e a n s D E P E N D E N C I E S L I A B I L I T Y O P I N I O N AT

patterns and anti-patterns m e a n s D E P E N D E N C I E S L I A B I L I T Y O P I N I O N AT E D P R O D F O R A L L Firebase Functions User Browser (Auth, Assets, DB, Security) (running Angular) Auth0 Firebase User Browser

609 views • 19 slides
NLP: Going for low-hanging fruit 1 Introduction NL o ff ers many hard problems But NL features

NLP: Going for low-hanging fruit 1 Introduction NL o ff ers many hard problems But NL features

Introduction Introduction Some low-hanging fruit in computational discourse Some low-hanging fruit in computational discourse Conclusion Conclusion NLP: Going for low-hanging fruit 1 Introduction NL o ff ers many hard problems But NL features

398 views • 13 slides
Nix-on-Droid when the low-hanging fruit is also the ripest one Alexander Sosedkin (@t184256)

Nix-on-Droid when the low-hanging fruit is also the ripest one Alexander Sosedkin (@t184256)

Nix-on-Droid when the low-hanging fruit is also the ripest one Alexander Sosedkin (@t184256) recently Red Hat, formerly a plasma physicist 2019-10-26 Running your favourite userland on mobile devices Get rid of Android and port your distro

657 views • 21 slides
SWEN 262 Engineering of Software Subsystems Anti-Patterns References An anti pattern is a common

SWEN 262 Engineering of Software Subsystems Anti-Patterns References An anti pattern is a common

SWEN 262 Engineering of Software Subsystems Anti-Patterns References An anti pattern is a common response to a recurring problem that is usually ineffective and risks being highly counterproductive. Anti Patterns: Refactoring

389 views • 9 slides
Algorithm Design Patterns and Anti-Patterns Algorithm design patterns. Ex. Greed. O(n log n)

Algorithm Design Patterns and Anti-Patterns Algorithm design patterns. Ex. Greed. O(n log n)

Algorithm Design Patterns and Anti-Patterns Algorithm design patterns. Ex. Greed. O(n log n) interval scheduling. Divide-and-conquer. O(n log n) FFT. Dynamic programming. O(n 2 ) edit distance. Duality. O(n 3 ) bipartite

626 views • 21 slides
Privacy Design Patterns and Anti-Patterns Patterns Misapplied and Unintended Consequences Nick

Privacy Design Patterns and Anti-Patterns Patterns Misapplied and Unintended Consequences Nick

Privacy Design Patterns and Anti-Patterns Patterns Misapplied and Unintended Consequences Nick Doty &amp; Mohit Gupta UC Berkeley, School of Information Privacy-by-Design ... in practice for designers and developers of technologies document

266 views • 11 slides
Software Architecture Anti-Patterns R. Kuehl p. 1 R I T Software Engineering What are

Software Architecture Anti-Patterns R. Kuehl p. 1 R I T Software Engineering What are

Software Architecture Anti-Patterns R. Kuehl p. 1 R I T Software Engineering What are Anti-patterns? An AntiPattern describes a commonly occurring solution to a problem that generates decidedly negative consequences. Happens

380 views • 6 slides
11/13/17 Crucified Peoples Strange Fruit Southern trees bear a strange fruit Blood on the

11/13/17 Crucified Peoples Strange Fruit Southern trees bear a strange fruit Blood on the

11/13/17 Crucified Peoples Strange Fruit Southern trees bear a strange fruit Blood on the leaves, blood at the root Black bodies swinging in the Southern breeze Strange fruit hanging from the poplar trees Pastoral scene of the gallant South

368 views • 3 slides
Low Hanging Fruit NWHA 2019 Annual Conference Marriott Downtown Waterfront Hotel February 20

Low Hanging Fruit NWHA 2019 Annual Conference Marriott Downtown Waterfront Hotel February 20

Low Hanging Fruit NWHA 2019 Annual Conference Marriott Downtown Waterfront Hotel February 20 22, 2019 Session Speakers &amp; Moderator Speakers Dain Bates, Biologist, Idaho Power Company Hallie Meushaw, Attorney, Troutman Sanders

287 views • 4 slides
Data Format is Code's Destiny: Security Anti-Patterns Of Protocol Design. Sergey Bratus with

Data Format is Code's Destiny: Security Anti-Patterns Of Protocol Design. Sergey Bratus with

The Seven Turrets of Babel: Data Format is Code's Destiny: Security Anti-Patterns Of Protocol Design. Sergey Bratus with Falcon Momot Sven Hallberg Meredith L. Patterson Economics Pen test, code audit &quot;2+2&quot; : 2 persons, 2

443 views • 41 slides
Strange Fruit Abel Meeropol Southern trees bear strange fruit Blood on the leaves and blood at

Strange Fruit Abel Meeropol Southern trees bear strange fruit Blood on the leaves and blood at

Strange Fruit Abel Meeropol Southern trees bear strange fruit Blood on the leaves and blood at the root Black bodies swinging in the southern breeze Strange fruit hanging from the popular trees Pastoral scene of the gallant south The bulging

718 views • 34 slides
Principles and Patterns 26 February, 2020 Recap Principles Patterns Inheritance Anti-patterns

Principles and Patterns 26 February, 2020 Recap Principles Patterns Inheritance Anti-patterns

Principles and Patterns 26 February, 2020 Recap Principles Patterns Inheritance Anti-patterns Lecture overview agile development agile design principles and patterns software testing Principles and Patterns Recap Principles

1.04k views • 89 slides
1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel vulnerability research Thats unavoidable, but the linux kernel developers dont do very much to make the situation any better. -- Basically, the

625 views • 36 slides
WEED SPECIES AND THEIR EMERGENCE PATTERNS UNDER METHYL BROMIDE AND ALTERNATIVE FUMIGANTS IN FRUIT

WEED SPECIES AND THEIR EMERGENCE PATTERNS UNDER METHYL BROMIDE AND ALTERNATIVE FUMIGANTS IN FRUIT

WEED SPECIES AND THEIR EMERGENCE PATTERNS UNDER METHYL BROMIDE AND ALTERNATIVE FUMIGANTS IN FRUIT NURSERIES *Anil Shrestha 1 , Greg T. Browne 2 , Bruce D. Lampinen 3 , Sally Schneider 4 , Leo Simon 5 , and Tom Trout 6 1 Univ. of California,

294 views • 4 slides
Anti-Spiking Provisions of Chapter 32 (for Board Members) November &amp; December, 2012 John

Anti-Spiking Provisions of Chapter 32 (for Board Members) November &amp; December, 2012 John

Anti-Spiking Provisions of Chapter 32 (for Board Members) November &amp; December, 2012 John Boorack Actuarial Associate Public Employee Retirement Administration Commission Chapter 176 of the Acts of 2011 Two anti-spiking provisions

483 views • 15 slides
The Impact of Coronavirus on Corporate Anti-Bribery Efforts Speakers Nathaniel B. Edmonds Jason

The Impact of Coronavirus on Corporate Anti-Bribery Efforts Speakers Nathaniel B. Edmonds Jason

WEBINAR The Impact of Coronavirus on Corporate Anti-Bribery Efforts Speakers Nathaniel B. Edmonds Jason A. Jones Gavin Proudley Paul Hastings King &amp; Spalding Dow Jones Risk &amp; Compliance 2 The Perspective of Regulators and

244 views • 8 slides
www.film-english.com by Kieran Donaghy

www.film-english.com by Kieran Donaghy

www.film-english.com by Kieran Donaghy

242 views • 8 slides
Regulation for competition Real medicine for markets or life- extending elixir for regulatory

Regulation for competition Real medicine for markets or life- extending elixir for regulatory

Regulation for competition Real medicine for markets or life- extending elixir for regulatory quacks? Kings College lunchtime lecture 8 May 2014 Professor Amelia Fletcher ESRC Centre for Competition Policy University of East Anglia Two key

1.02k views • 33 slides
Outline Return address protections ASLR and counterattacks CSci 5271 Introduction to Computer

Outline Return address protections ASLR and counterattacks CSci 5271 Introduction to Computer

Outline Return address protections ASLR and counterattacks CSci 5271 Introduction to Computer Security W X (DEP) Low-level defenses and counterattacks Announcements (combined lecture) Return-oriented programming (ROP) Stephen McCamant

699 views • 12 slides
2019 Latin American Protests A series of protests Exploring pro and anti- that shocked the

2019 Latin American Protests A series of protests Exploring pro and anti- that shocked the

&lt;Your Name&gt; 2019 Latin American Protests A series of protests Exploring pro and anti- that shocked the region at the end government movements during of 2019. the 2019 Ecuadorian protests They started in Haiti, followed by

387 views • 17 slides
Fight against 1-day exploits: Diffing Binaries vs Anti-diffing Binaries Jeongwook

Fight against 1-day exploits: Diffing Binaries vs Anti-diffing Binaries Jeongwook

Fight against 1-day exploits: Diffing Binaries vs Anti-diffing Binaries Jeongwook Oh(mat@monkey.org,oh.jeongwook@gmail.com) Jeongwook Oh works on eEye's flagship product called &quot;Blink&quot;. He develops traffic analysis module that filters

841 views • 60 slides
SANDBOXING How does a sandbox look like? Software or hardware appliances that receive suspicious

SANDBOXING How does a sandbox look like? Software or hardware appliances that receive suspicious

H ERE Claudio nex Guarnieri @botherder Security Researcher at Rapid7 Labs Core member of The Shadowserver Foundation Core member of The Honeynet Project Creator of Cuckoo Sandbox Founder of Malwr.com H ERE Mark

1.02k views • 89 slides

More recommend