Message-ID: <20161018131300.GM14666@pc.thejh.net>
Date: Tue, 18 Oct 2016 15:13:00 +0200
From: Jann Horn <jann@...jh.net>
To: Vaishali Thakkar <vaishali.thakkar@...cle.com>
Cc: kernel-hardening@...ts.openwall.com,
Julia Lawall <julia.lawall@...6.fr>
Subject: Re: Use-after-free and management of reference counts

On Tue, Oct 18, 2016 at 05:52:46PM +0530, Vaishali Thakkar wrote:
> Hi,
>
> Recently I studied the reported CVEs of last 2 years and there were
> fair number of use-after-free bugs. Usually we also see many reports
> of use-after-free bugs in the LKML [reported by one or other tools].
>
> Also, at Kernel recipes Jonathan Corbet mentioned reference counts as
> a security issue. I believe if we have more kernel hardening patches
> then we can avoid such bugs. I was wondering if there is some ongoing
> work in the both [use-after-free and management of reference counts]
> of these areas?

Use-after-frees are really hard to deal with. I think I saw some patch
semi-recently for randomizing kernel allocations, to make it harder to
exploit memory safety bugs, but actually fixing use-after-free is a
really hard problem.

For reference counting, refcount overdecrements are pretty much as
hard to deal with as UAFs, but for refcount overincrements, you can
take a look at Elena Reshetova's refcount hardening patch series (see
http://www.openwall.com/lists/kernel-hardening/2016/10/10/1).
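
The asymmetry between overincrements and overdecrements described in the reply above, as an added example (not code from the message or from the referenced patch series): a userspace C model in which a saturating counter, one common hardening approach assumed here, keeps an overflowed count from ever reaching zero, while an extra put cannot be told apart from a legitimate one. `struct obj`, `obj_get`, `obj_put` and `REF_SATURATED` are hypothetical names, and the starting counter values are constructed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#define REF_SATURATED UINT_MAX  /* hypothetical "pinned forever" value */
/* Hypothetical refcounted object; 'freed' stands in for the real release. */
struct obj { unsigned int refs; bool hardened; bool freed; };

static void obj_get(struct obj *o)
{
    if (o->hardened && o->refs == REF_SATURATED)
        return;                 /* saturate: leak the object, never wrap */
    o->refs++;                  /* unhardened: UINT_MAX + 1 wraps to 0 */
}

static void obj_put(struct obj *o)
{
    if (o->hardened && o->refs == REF_SATURATED)
        return;                 /* a pinned object is never released */
    if (--o->refs == 0)
        o->freed = true;
}

/* Overincrement: a buggy path leaks gets until the counter overflows, then a
 * balanced get/put runs. True means freed while the first holder remains. */
static bool overincrement_frees_early(bool hardened)
{
    struct obj o = { .refs = UINT_MAX - 1, .hardened = hardened };
    obj_get(&o);                /* leaked get: counter reaches UINT_MAX */
    obj_get(&o);                /* leaked get: wraps to 0, or stays pinned */
    obj_get(&o);                /* balanced user takes a reference ... */
    obj_put(&o);                /* ... and drops it again */
    return o.freed;
}

/* Overdecrement: two real holders, plus one extra put from a buggy path. */
static bool overdecrement_frees_early(bool hardened)
{
    struct obj o = { .refs = 2, .hardened = hardened };
    obj_put(&o);                /* holder A drops its reference */
    obj_put(&o);                /* buggy extra put; holder B still has a pointer */
    return o.freed;
}

int main(void)
{
    printf("overinc: plain=%d hardened=%d; overdec: plain=%d hardened=%d\n",
           overincrement_frees_early(false), overincrement_frees_early(true),
           overdecrement_frees_early(false), overdecrement_frees_early(true));
}
```

Saturation trades the early free for a memory leak in the overincrement case; in the overdecrement case the counter sees two ordinary puts in both configurations.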