6 Nov 2022
Today's the 7th anniversary of founding the Kernel Self-Protection Project! lore.kernel.org/kernel-harde… We've come a long way, but there's still lots more work to do. :)

2
3
60
3 Nov 2022
If you can't switch your C to Rust immediately, consider at least enabling all the sanity checking the compiler can already do for free: -Wall -D_FORTIFY_SOURCE=2 -fsanitize=bounds -fsanitize-undefined-trap-on-error -fstrict-flex-arrays (GCC 13, Clang 16)
12
71
437
3 Nov 2022
Actually, -D_FORTIFY_SOURCE=3 these days...
1
25
9 Oct 2022
I've started trying to document the various things I've learned about using Coccinelle to match code patterns in the Linux kernel here: github.com/kees/kernel-tools… It's hardly complete, but I wanted to start keeping notes somewhere I could find later. :)

1
9
69
7 Oct 2022
I looked through these RCEs: they appear to all be command injection. (Though the MS issues don't have much detail.) Notably, there aren't any memory safety issues. But this is also more about web/net services, and command injection is the low hanging fruit in that environment.
2
3
23
7 Oct 2022
On Linux there's at least 2 ways to mitigate these kinds of attacks:
- easy: seccomp filter of "exec" system call
- better: MAC (e.g. AppArmor, SELinux, etc) to block both "exec" and limit unexpected path traversals and file accesses
1
2
20
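The "easy" option above, as an added example (mine, not the tweet author's code, and not taken from any project): a minimal classic-BPF seccomp filter that lets every system call through except execve() and execveat(), which fail with EPERM, so a command-injection payload that reaches a shell-spawning call has nothing to run. It assumes Linux on x86_64 or aarch64 (the arch check at the top is what keeps the filter from being sidestepped via another syscall ABI; on x86_64 a production filter would also reject the x32 ABI, which this example omits for brevity).

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Example assumption: x86_64 or aarch64. The arch check below is what
 * prevents bypass through a different syscall ABI with other numbers. */
#if defined(__x86_64__)
#define EXAMPLE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define EXAMPLE_ARCH AUDIT_ARCH_AARCH64
#else
#error "this example only covers x86_64 and aarch64"
#endif

/* Older uapi headers only have SECCOMP_RET_KILL (thread-level kill). */
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

#define DENY_EXEC_FILTER_LEN 8

/* Write the filter program into `out` (capacity `cap` instructions) and
 * return its length, or 0 if `out` is too small. Any exec attempt gets
 * EPERM; every other system call is allowed. */
size_t build_deny_exec_filter(struct sock_filter *out, size_t cap)
{
    const struct sock_filter prog[DENY_EXEC_FILTER_LEN] = {
        /* A = seccomp_data.arch; kill the process if it is not ours */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, EXAMPLE_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* A = seccomp_data.nr; execve and execveat both get EPERM */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_execve, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_execveat, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    };
    if (cap < DENY_EXEC_FILTER_LEN)
        return 0;
    memcpy(out, prog, sizeof(prog));
    return DENY_EXEC_FILTER_LEN;
}

/* Install the filter on the calling thread. PR_SET_NO_NEW_PRIVS is
 * required for an unprivileged process to load a filter, and it also
 * stops a later setuid exec from gaining privilege. Returns 0 or -errno. */
int deny_exec(void)
{
    struct sock_filter insns[DENY_EXEC_FILTER_LEN];
    struct sock_fprog fprog = {
        .len = (unsigned short)build_deny_exec_filter(insns, DENY_EXEC_FILTER_LEN),
        .filter = insns,
    };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -errno;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) != 0)
        return -errno;
    return 0;
}

int main(void)
{
    if (deny_exec() != 0) {
        perror("seccomp");
        return 1;
    }
    /* Stand-in for an injected command reaching exec: it now fails. */
    execl("/bin/sh", "sh", "-c", "id", (char *)NULL);
    printf("exec blocked: %s\n", strerror(errno));
    return 0;
}
```

The filter is installed after the process has finished its own legitimate exec()s, typically right at the start of the service's main loop; filters are inherited by children and cannot be removed, which is the point. Returning EPERM rather than killing keeps the service running and gives the caller an error it can log, which is the detection signal to watch for.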
4 Oct 2022
Thank you @samitolvanen, Peter, Joao, @nullmodem, @embeddedgus, @nathanchance, Nick, Sedat, Josh, and everyone else who helped get KCFI developed and landed! git.kernel.org/linus/865dad2…

2
9
38
19 Sep 2022
I think -Wimplicit-fallthrough should be enabled by -Wall. Right now it's only on with -Wextra. Thoughts?
6
1
14
8 Sep 2022
We've finally landed the run-time memcpy() overflow warning patch in linux-next: git.kernel.org/pub/scm/linux… So now I'm constantly reloading a search on lore, checking if anyone has run into new instances on real workloads. :P lore.kernel.org/all/?q="de…

1
18
54
8 Aug 2022
So many interesting finds in this research! I struggle to fit even one in a tweet: "... while we may not be decreasing the # of vulns... there are indications [of] ... a notion of maturity, where vulns will be mostly absent from code older than a specific point in the past."
8 Aug 2022
How Long Do Vulnerabilities Live in the Code? A Large-Scale Empirical Measurement Study on FOSS Vulnerability Lifetimes | USENIX usenix.org/conference/usenix…
1
10
27 Jun 2022
Here are my notes on how I've been doing "no binary change" analysis of Linux kernel patches that are meant to not change executable output, motivated by our efforts to replace 1-element arrays with proper flexible arrays: outflux.net/blog/archives/20… tl;dr: diffoscope

5
32
17 Jun 2022
Fantastic write-up, confirms the benefits of CFI and auto-var-init: "automatic variable initialization ... kill[s] a whole class of bugs, but it also breaks some useful exploit primitives." "[kernel]CFI is arguably the mitigation that takes the most effort to bypass"
16 Jun 2022
This is probably the most complex exploit I've done so far. A UAF in Android kernel freed by kfree_rcu (introduces a delay) in a tight race kCFI Samsung RKP. Yet it's still possible to gain arbitrary kernel RW, disable SE and root from untrusted app. github.blog/2022-06-16-the-a…
2
30
6 May 2022
Everyone please go add -ftrivial-auto-var-init=zero to your default build flags. :)
GCC 12.1 Released! Lots of great improvements! gcc.gnu.org/pipermail/gcc/20…
5
17
98
4 May 2022
Here's a new API for dealing with bounds-checking flexible array structs in C (i.e. to replace open-coded memcpy()): lore.kernel.org/linux-harden… These new helpers got redesigned so many times before I was happy with them. :P

2
2
22
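A userspace sketch of the idea behind that API, as an added example (mine, written for this page; it is not the kernel's helpers from the linked series, and the names `packet_size`, `packet_from_mem` and `packet_copy_payload` are my own): a struct with a true flexible array member, an overflow-checked size calculation in the spirit of the kernel's struct_size(), and an allocate-and-copy routine that keeps the element count and the allocation in sync instead of leaving the caller to get `sizeof(*p) + n * 4` right at every memcpy() site.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Header followed by a true flexible array member ("[]", not "[1]" or
 * "[0]"), which is the only trailing-array shape the compiler treats as
 * unbounded under -fstrict-flex-arrays. `count` tracks valid elements. */
struct packet {
    uint16_t count;
    uint16_t type;
    uint32_t payload[];
};

/* Overflow-checked byte size of a packet holding `n` elements (the idea
 * behind the kernel's struct_size()). Returns SIZE_MAX on overflow so the
 * caller fails instead of allocating a wrapped, too-small buffer. */
size_t packet_size(size_t n)
{
    size_t bytes, total;
    if (__builtin_mul_overflow(n, sizeof(uint32_t), &bytes))
        return SIZE_MAX;
    if (__builtin_add_overflow(sizeof(struct packet), bytes, &total))
        return SIZE_MAX;
    return total;
}

/* Allocate a packet sized for exactly `n` elements and copy them in,
 * setting the count at the same time. This is the checked replacement for
 * "p = malloc(sizeof(*p) + n * 4); memcpy(p->payload, src, n * 4);".
 * Returns 0, or a negative errno with *out left untouched. */
int packet_from_mem(struct packet **out, uint16_t type,
                    const uint32_t *src, size_t n)
{
    if (n > UINT16_MAX)
        return -E2BIG;              /* the count field cannot describe it */
    size_t sz = packet_size(n);
    if (sz == SIZE_MAX)
        return -EOVERFLOW;
    struct packet *p = calloc(1, sz);
    if (p == NULL)
        return -ENOMEM;
    p->count = (uint16_t)n;
    p->type = type;
    memcpy(p->payload, src, n * sizeof(uint32_t));
    *out = p;
    return 0;
}

/* Copy the payload out into a fixed buffer of `dst_cap` elements,
 * refusing when it would not fit rather than trusting caller arithmetic.
 * Returns the number of elements copied or a negative errno. */
int packet_copy_payload(uint32_t *dst, size_t dst_cap, const struct packet *p)
{
    if (p->count > dst_cap)
        return -ENOSPC;
    memcpy(dst, p->payload, (size_t)p->count * sizeof(uint32_t));
    return (int)p->count;
}

int main(void)
{
    /* Constructed sample input. */
    const uint32_t src[3] = { 7, 8, 9 };
    struct packet *p = NULL;
    uint32_t small[2];

    if (packet_from_mem(&p, 1, src, 3) != 0)
        return 1;
    printf("allocated %zu bytes, count=%u\n", packet_size(p->count), p->count);
    printf("copy into 2 slots -> %d (expect -ENOSPC)\n",
           packet_copy_payload(small, 2, p));
    printf("size of SIZE_MAX elements -> %s\n",
           packet_size(SIZE_MAX) == SIZE_MAX ? "overflow caught" : "wrapped!");
    free(p);
    return 0;
}
```

The two properties worth copying into real code are that the only place the byte arithmetic happens is inside `packet_size()`, where it is overflow-checked, and that the length field is written by the same function that sizes the allocation, so the two cannot drift apart. That is exactly what a compiler or a run-time memcpy() check can then reason about.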
22 Apr 2022
events.linuxfoundation.org/l… The Linux Security Summit NA 2022 schedule is up! Come join us: Austin, TX, USA June 23/24.
2
2
13
18 Apr 2022
noncombatant.org/2022/04/22/… @fugueish: "A big part of the purpose — or, potential — for public vulnerability announcements and reports is to teach and learn, mature the engineering culture, and above all to avoid repeating these problems" i.e. "actually describe the flaw in detail"

1
1
11
5 Apr 2022
It feels a little bit like archaeology, but here are my notes on security things in Linux v5.10: addfd, SEV-ES, static calls, pRNG improvement, SafeSetID with gid, set_fs removal, sysfs_emit, nosymfollow, MTE, UBSAN-discovered fixes, and flex array work. outflux.net/blog/archives/20…

9
36
28 Mar 2022
I'm really happy to see kernel IBT support land. Coarse-grained forward edge CFI! (Supported on Tigerlake and later Intel systems, and Zen3 and later AMD systems.) git.kernel.org/linus/7001052…

9
22
24 Mar 2022
Based on the excellent by worLdle, I have replaced the country data with US states, and present: statele outflux.net/statele/

16
7
46