kernel security anti patterns low hanging fruit
play

Kernel Security Anti-Patterns: Low Hanging Fruit - PowerPoint PPT Presentation

Aug 19, 2022 •149 likes •254 views

Kernel Security Anti-Patterns: Low Hanging Fruit http://outflux.net/slides/2013/lss/fruit.pdf gholzer Linux Security Summit, New Orleans 2013 Kees Cook <keescook@google.com> (pronounced Case) Overview Anti-pattern awareness

  1. Kernel Security Anti-Patterns: Low Hanging Fruit http://outflux.net/slides/2013/lss/fruit.pdf gholzer Linux Security Summit, New Orleans 2013 Kees Cook <keescook@google.com> (pronounced “Case”)

  2. Overview ● Anti-pattern awareness ● Finding anti-patterns ● Format strings ● String manipulation ● Double-reads ● USB ● Keeping anti-patterns fixed Low Hanging Fruit 2/10 Linux Security Summit 2013 May 21, 2013

  3. Anti-pattern Awareness ● Plenty of known general anti-patterns – Busy waiting, hard coding, … – http://en.wikipedia.org/wiki/Anti-pattern ● Security anti-patterns are less well known ● Document security anti-patterns for kernel? – We've got scripts/checkpatch.pl Low Hanging Fruit Linux Security Summit 2013

  4. Finding Anti-patterns ● Actually go look when you see something ugly – printk(buffer); – strncpy(destination, source, strlen(source)); – read, alloc, read again – complex parsing of binary structures (USB!) Low Hanging Fruit Linux Security Summit 2013

  5. Format strings ● printk(buffer); → printk(“%s”, buffer); ● Lots of stuff accidentally pass strings that are ultimately parsed as format strings – CVE-2013-2851 – CVE-2013-2852 ● Use gcc to help – -Wformat -Wformat-security -Werror=format-security – Dumb about const char * ● %n is dangerous with limited real utility Low Hanging Fruit Linux Security Summit 2013

  6. String manipulation ● strncpy(destination, source, strlen(source)); – Unlike snprintf, does not NULL terminate – Want to always end with NULL? strlcpy – Want to never end with NULL? memcpy – Regardless, check destination size – ISCSI unauth remote stack overflow CVE-2013-2850 ● Never used unchecked copy_from/to_user – Various graphics drivers – Always verify userspace reads (yay SMAP) Low Hanging Fruit Linux Security Summit 2013

  7. Double-reads struct something { unsigned int size; unsigned char data[]; }; unsigned int tmp, pos; struct something *kernel_data; copy_from_user( &tmp , user_data, sizeof(tmp) ); kernel_data = malloc( tmp ); copy_from_user( kernel_data , user_data, tmp ); for (pos = 0; pos < kernel_data->size ; pos++) { do_something(kernel_data->data[pos]); } Low Hanging Fruit Linux Security Summit 2013

  8. USB ● HID Report Descriptors – Mistakes are similar to double-read – 12 CVEs found in a week – Verification done with a Facedancer ● Future – Mass-storage – Webcam Low Hanging Fruit Linux Security Summit 2013

  9. Keeping Anti-patterns Fixed ● Remove dangerous functions or side effects – Remove %n again ● Strong gcc defaults – Future: gcc plugins from PaX ● Coccinelle – Tests can run from the tree: scripts/coccinelle/ ● Smatch – Show Dan Carpenter things to catch Low Hanging Fruit Linux Security Summit 2013

  10. Questions? http://outflux.net/slides/2013/lss/fruit.pdf keescook@{chromium.org,google.com} kees@outflux.net Low Hanging Fruit Linux Security Summit 2013

Recommend

IT Security Pick the Low Hanging Fruit First ! A little bit about me Degree in Computer

IT Security Pick the Low Hanging Fruit First ! A little bit about me Degree in Computer

Breakout Session Sept. 29 th , 2016 IT Security Pick the Low Hanging Fruit First ! A little bit about me Degree in Computer Science Began my professional IT career in 1982 at Dow Chemical Held technical engineering positions

309 views • 27 slides
Picking the Low- -Hanging Fruit: Hanging Fruit: Picking the Low Saving Money and Energy?

Picking the Low- -Hanging Fruit: Hanging Fruit: Picking the Low Saving Money and Energy?

Picking the Low- -Hanging Fruit: Hanging Fruit: Picking the Low Saving Money and Energy? Energy? Saving Money and Robert K. Kaufmann Disrupting the Status Quo in Electric Energy Management: A Systems Approach to a Sustainable Energy

500 views • 6 slides
patterns and anti-patterns m e a n s D E P E N D E N C I E S L I A B I L I T Y O P I N I O N AT

patterns and anti-patterns m e a n s D E P E N D E N C I E S L I A B I L I T Y O P I N I O N AT

patterns and anti-patterns m e a n s D E P E N D E N C I E S L I A B I L I T Y O P I N I O N AT E D P R O D F O R A L L Firebase Functions User Browser (Auth, Assets, DB, Security) (running Angular) Auth0 Firebase User Browser

609 views • 19 slides
NLP: Going for low-hanging fruit 1 Introduction NL o ff ers many hard problems But NL features

NLP: Going for low-hanging fruit 1 Introduction NL o ff ers many hard problems But NL features

Introduction Introduction Some low-hanging fruit in computational discourse Some low-hanging fruit in computational discourse Conclusion Conclusion NLP: Going for low-hanging fruit 1 Introduction NL o ff ers many hard problems But NL features

398 views • 13 slides
Nix-on-Droid when the low-hanging fruit is also the ripest one Alexander Sosedkin (@t184256)

Nix-on-Droid when the low-hanging fruit is also the ripest one Alexander Sosedkin (@t184256)

Nix-on-Droid when the low-hanging fruit is also the ripest one Alexander Sosedkin (@t184256) recently Red Hat, formerly a plasma physicist 2019-10-26 Running your favourite userland on mobile devices Get rid of Android and port your distro

657 views • 21 slides
SWEN 262 Engineering of Software Subsystems Anti-Patterns References An anti pattern is a common

SWEN 262 Engineering of Software Subsystems Anti-Patterns References An anti pattern is a common

SWEN 262 Engineering of Software Subsystems Anti-Patterns References An anti pattern is a common response to a recurring problem that is usually ineffective and risks being highly counterproductive. Anti Patterns: Refactoring

389 views • 9 slides
Algorithm Design Patterns and Anti-Patterns Algorithm design patterns. Ex. Greed. O(n log n)

Algorithm Design Patterns and Anti-Patterns Algorithm design patterns. Ex. Greed. O(n log n)

Algorithm Design Patterns and Anti-Patterns Algorithm design patterns. Ex. Greed. O(n log n) interval scheduling. Divide-and-conquer. O(n log n) FFT. Dynamic programming. O(n 2 ) edit distance. Duality. O(n 3 ) bipartite

626 views • 21 slides
Privacy Design Patterns and Anti-Patterns Patterns Misapplied and Unintended Consequences Nick

Privacy Design Patterns and Anti-Patterns Patterns Misapplied and Unintended Consequences Nick

Privacy Design Patterns and Anti-Patterns Patterns Misapplied and Unintended Consequences Nick Doty &amp; Mohit Gupta UC Berkeley, School of Information Privacy-by-Design ... in practice for designers and developers of technologies document

266 views • 11 slides
Software Architecture Anti-Patterns R. Kuehl p. 1 R I T Software Engineering What are

Software Architecture Anti-Patterns R. Kuehl p. 1 R I T Software Engineering What are

Software Architecture Anti-Patterns R. Kuehl p. 1 R I T Software Engineering What are Anti-patterns? An AntiPattern describes a commonly occurring solution to a problem that generates decidedly negative consequences. Happens

380 views • 6 slides
11/13/17 Crucified Peoples Strange Fruit Southern trees bear a strange fruit Blood on the

11/13/17 Crucified Peoples Strange Fruit Southern trees bear a strange fruit Blood on the

11/13/17 Crucified Peoples Strange Fruit Southern trees bear a strange fruit Blood on the leaves, blood at the root Black bodies swinging in the Southern breeze Strange fruit hanging from the poplar trees Pastoral scene of the gallant South

368 views • 3 slides
Low Hanging Fruit NWHA 2019 Annual Conference Marriott Downtown Waterfront Hotel February 20

Low Hanging Fruit NWHA 2019 Annual Conference Marriott Downtown Waterfront Hotel February 20

Low Hanging Fruit NWHA 2019 Annual Conference Marriott Downtown Waterfront Hotel February 20 22, 2019 Session Speakers &amp; Moderator Speakers Dain Bates, Biologist, Idaho Power Company Hallie Meushaw, Attorney, Troutman Sanders

287 views • 4 slides
Data Format is Code's Destiny: Security Anti-Patterns Of Protocol Design. Sergey Bratus with

Data Format is Code's Destiny: Security Anti-Patterns Of Protocol Design. Sergey Bratus with

The Seven Turrets of Babel: Data Format is Code's Destiny: Security Anti-Patterns Of Protocol Design. Sergey Bratus with Falcon Momot Sven Hallberg Meredith L. Patterson Economics Pen test, code audit &quot;2+2&quot; : 2 persons, 2

443 views • 41 slides
Strange Fruit Abel Meeropol Southern trees bear strange fruit Blood on the leaves and blood at

Strange Fruit Abel Meeropol Southern trees bear strange fruit Blood on the leaves and blood at

Strange Fruit Abel Meeropol Southern trees bear strange fruit Blood on the leaves and blood at the root Black bodies swinging in the southern breeze Strange fruit hanging from the popular trees Pastoral scene of the gallant south The bulging

718 views • 34 slides
Principles and Patterns 26 February, 2020 Recap Principles Patterns Inheritance Anti-patterns

Principles and Patterns 26 February, 2020 Recap Principles Patterns Inheritance Anti-patterns

Principles and Patterns 26 February, 2020 Recap Principles Patterns Inheritance Anti-patterns Lecture overview agile development agile design principles and patterns software testing Principles and Patterns Recap Principles

1.04k views • 89 slides
1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel vulnerability research Thats unavoidable, but the linux kernel developers dont do very much to make the situation any better. -- Basically, the

625 views • 36 slides
WEED SPECIES AND THEIR EMERGENCE PATTERNS UNDER METHYL BROMIDE AND ALTERNATIVE FUMIGANTS IN FRUIT

WEED SPECIES AND THEIR EMERGENCE PATTERNS UNDER METHYL BROMIDE AND ALTERNATIVE FUMIGANTS IN FRUIT

WEED SPECIES AND THEIR EMERGENCE PATTERNS UNDER METHYL BROMIDE AND ALTERNATIVE FUMIGANTS IN FRUIT NURSERIES *Anil Shrestha 1 , Greg T. Browne 2 , Bruce D. Lampinen 3 , Sally Schneider 4 , Leo Simon 5 , and Tom Trout 6 1 Univ. of California,

294 views • 4 slides
Anti-patterns What is an Anti-Pattern? A pattern is a named, proven approach to solving a

Anti-patterns What is an Anti-Pattern? A pattern is a named, proven approach to solving a

Anti-patterns What is an Anti-Pattern? A pattern is a named, proven approach to solving a technical problem in a context with generally positive consequences. . An anti-pattern is a named, common approach to solving a technical problem with

131 views • 11 slides
Security Patterns M. Schumacher, E. Fernandez-Buglioni, D. Hybertson, F. Bushmann, and P.

Security Patterns M. Schumacher, E. Fernandez-Buglioni, D. Hybertson, F. Bushmann, and P.

Security Patterns M. Schumacher, E. Fernandez-Buglioni, D. Hybertson, F. Bushmann, and P. Sommerlad, Security Patterns: Integrating Security and Systems Engineering, John Wiley and Sons Ltd., 2006 Lecture outline What is pattern? What is

1.04k views • 83 slides
Patterns and Anti-Patterns of Tech Leadership @laurapatersonuk @patkua ABOUT US ABOUT US

Patterns and Anti-Patterns of Tech Leadership @laurapatersonuk @patkua ABOUT US ABOUT US

Patterns and Anti-Patterns of Tech Leadership @laurapatersonuk @patkua ABOUT US ABOUT US @laurapatersonuk Laura Paterson Architect Tech Lead Coach Project Manager ABOUT US @patkua Patrick Kua Architect Tech Lead Author Coach

719 views • 71 slides
www.fruitflyhotel.com www.pcm-global.com EVER HAD: Pesky Fruit Fly insurgence around your

www.fruitflyhotel.com www.pcm-global.com EVER HAD: Pesky Fruit Fly insurgence around your

www.fruitflyhotel.com www.pcm-global.com EVER HAD: Pesky Fruit Fly insurgence around your household Unwanted Fruit Fly guests at social gatherings Fruit Flies endlessly diving into your wine glass Fruit Flies feasting on your fruit, vegetables

332 views • 18 slides
Anti-patterns for Diversity Stop doing the same thing and expecting different results Naomi

Anti-patterns for Diversity Stop doing the same thing and expecting different results Naomi

Anti-patterns for Diversity Stop doing the same thing and expecting different results Naomi Ceder, @NaomiCeder But first, a commercial PSF meeting Room: Barria1 When: right after lightning talks Who: EVERYONE What: updates

316 views • 29 slides
Linux Kernel Security Update LinuxCon Europe Berlin, 2016 James Morris

Linux Kernel Security Update LinuxCon Europe Berlin, 2016 James Morris

Linux Kernel Security Update LinuxCon Europe Berlin, 2016 James Morris james.l.morris@oracle.com Introduction Who am I? Kernel security subsystem maintainer Started kernel development w/ FreeS/WAN in 1999 which led to Netfilter,

798 views • 48 slides
fruit has been picked, now what? Erika Bailey-Johnson University Sustainability Coordinator

fruit has been picked, now what? Erika Bailey-Johnson University Sustainability Coordinator

The ACUPCC has been signed, the low hanging fruit has been picked, now what? Erika Bailey-Johnson University Sustainability Coordinator Bill Maki Vice President for Finance and Administration Bemidji State University Minnesota State

433 views • 16 slides
Black Kernel Rot Malady of Pecan B Wood, C Bock, l Wells, T Cottrell, M Hotchkiss Black Kernel

Black Kernel Rot Malady of Pecan B Wood, C Bock, l Wells, T Cottrell, M Hotchkiss Black Kernel

Black Kernel Rot Malady of Pecan B Wood, C Bock, l Wells, T Cottrell, M Hotchkiss Black Kernel Rot: What is it? Black Kernel Rot: Black Phase Black Kernel Rot: Brown Phase Sampling of Fruit for Black Kernel Rot Malady (Lenny

661 views • 35 slides

More recommend