The Kernel Self-Protection project aims to make Linux more secure

Conclusions

You can bet the Linux kernel has many more security problems that aren't yet listed in the CVE databases. The goal of the Kernel Self-Protection is to establish self-defense functions such as address space layout randomization to make the attacker's task more difficult and limit the damage of a successful attack.

When it comes to safe programming practices, doing one thing doesn't mean giving up on another. Targeted code reviews and intensive quality management should be an essential part of any programming effort.

Infos

  1. OpenBSD security page: https://www.openbsd.org/security.html
  2. "In send_dg, the recvfrom function is NOT always using the buffer size of a newly created buffer," CVE-2015-7547: https://sourceware.org/bugzilla/show_bug.cgi?id=18665
  3. Patch for CVE-2015-7547: https://www.sourceware.org/ml/libc-alpha/2016-02/msg00416.html
  4. Corbet, Jonathan. "Kernel vulnerabilities: old or new?": https://lwn.net/Articles/410606/
  5. Kernel Self-Protection: https://www.kernel.org/doc/html/latest/security/self-protection.html
  6. The GNU C Library Reference Manual, "Executing a File": https://www.gnu.org/software/libc/manual/html_node/Executing-a-File.html
  7. C0ntex. "Bypassing non-executable-stack during exploitation using return-to-libc": http://infosecwriters.com/text_resources/pdf/return-to-libc.pdf
  8. Dang, Maniatis, and Wagner. "The Performance Cost of Shadow Stacks and Stack Canaries": https://people.eecs.berkeley.edu/~daw/papers/shadow-asiaccs15.pdf

The Author

Tobias Eggendorfer is a professor of IT security in Ravensburg-Weingarten and a freelance IT consultant (http://www.eggendorfer.info).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Kernel Security

    A vulnerability in an operating system kernel is a security nightmare. This article analyzes some well known kernel security problems, explains how they are exploited, and gives real-life examples of attacks that used these time-honored techniques.

  • AppArmor

    After penetrating a remote system, intruders might think they are home and dry, but AppArmor spoils the fun, locking the miscreants in a virtual cage.

  • Security and SOHO Routers

    Home and small office networks typically place their security in the hands of an inexpensive device that serves as a router, DHCP server, firewall, and wireless hotspot. How secure are these SOHO router devices? We're glad you asked …

  • Security Bugs in Kernel and Rsync

    Security researchers at Secunia have reported two security bugs in the Rsync synchronization tool and one in the current Linux kernel.

  • Kernel News

    This month in Kernel News: Dealing with Older GCC Versions; and On-boarding New Kernel Hackers.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News