The Kernel Self-Protection project aims to make Linux more secure

Conclusions

You can bet the Linux kernel has many more security problems that aren't yet listed in the CVE databases. The goal of the Kernel Self-Protection is to establish self-defense functions such as address space layout randomization to make the attacker's task more difficult and limit the damage of a successful attack.

When it comes to safe programming practices, doing one thing doesn't mean giving up on another. Targeted code reviews and intensive quality management should be an essential part of any programming effort.

Infos

  1. OpenBSD security page: https://www.openbsd.org/security.html
  2. "In send_dg, the recvfrom function is NOT always using the buffer size of a newly created buffer," CVE-2015-7547: https://sourceware.org/bugzilla/show_bug.cgi?id=18665
  3. Patch for CVE-2015-7547: https://www.sourceware.org/ml/libc-alpha/2016-02/msg00416.html
  4. Corbet, Jonathan. "Kernel vulnerabilities: old or new?": https://lwn.net/Articles/410606/
  5. Kernel Self-Protection: https://www.kernel.org/doc/html/latest/security/self-protection.html
  6. The GNU C Library Reference Manual, "Executing a File": https://www.gnu.org/software/libc/manual/html_node/Executing-a-File.html
  7. C0ntex. "Bypassing non-executable-stack during exploitation using return-to-libc": http://infosecwriters.com/text_resources/pdf/return-to-libc.pdf
  8. Dang, Maniatis, and Wagner. "The Performance Cost of Shadow Stacks and Stack Canaries": https://people.eecs.berkeley.edu/~daw/papers/shadow-asiaccs15.pdf

The Author

Tobias Eggendorfer is a professor of IT security in Ravensburg-Weingarten and a freelance IT consultant (http://www.eggendorfer.info).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • AppArmor

    After penetrating a remote system, intruders might think they are home and dry, but AppArmor spoils the fun, locking the miscreants in a virtual cage.

  • Security and SOHO Routers

    Home and small office networks typically place their security in the hands of an inexpensive device that serves as a router, DHCP server, firewall, and wireless hotspot. How secure are these SOHO router devices? We're glad you asked …

  • Security Bugs in Kernel and Rsync

    Security researchers at Secunia have reported two security bugs in the Rsync synchronization tool and one in the current Linux kernel.

  • ARP Spoofing

    Any user on a LAN can sniff and manipulate local traffic. ARP spoofing and poisoning techniques give an attacker an easy way in.

  • Intrusion 101

    You need to think like an attacker to keep your network safe. We asked security columnist Kurt Seifried for an inside look at the art of intrusion.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95

News