The Kernel Self-Protection project aims to make Linux more secure
Conclusions
You can bet the Linux kernel has many more security problems that aren't yet listed in the CVE databases. The goal of the Kernel Self-Protection project is to establish self-defense functions, such as address space layout randomization, that make the attacker's task more difficult and limit the damage of a successful attack.
When it comes to safe programming practices, doing one thing doesn't mean giving up on another. Targeted code reviews and intensive quality management should be an essential part of any programming effort.