[ubuntu-hardened] LTS Enablement Stacks; newer kernel (with new security features) and system security.

John Johansen john.johansen at canonical.com
Thu Feb 23 12:21:13 UTC 2017


On 02/23/2017 02:21 AM, daniel curtis wrote:
> 
> Hi Casey and John
> 
> Thank you both for your answers. John, I think you're right by saying that "new features may introduce bugs but may also introduce new security features (...)". Especially I'm interested in the so-called "copy to/from user restrictions" feature. If it's about the KASLR mechanism, I've read that it's not such a good thing (see: 1.)
> 
> I know that it's only an opinion made by Mr Brad Spengler, but it's very interesting. Of course, I don't criticize the KASLR feature! I think it's needed and so on. I just want to know as many opinions as possible on various things etc. Nothing more, nothing less.
> 
> I think that I will "need to evaluate risk/reward at an individual kernel/feature level". Just as you wrote, John. Anyway, thanks once again for your opinions. It really helped me to understand all of this.
> 

The copy to/from user restrictions feature is known as "hardened usercopy" and it helps prevent common bugs in dealing with moving data to/from userspace. For a more in-depth description I'll refer you to Kees's blog (just search "hardened usercopy"). Kees keeps a nice blog about security features going into the kernel

https://outflux.net/blog/

it covers lots of different things that might interest you. You might also be interested in following the KSPP mailing list (http://www.openwall.com/lists/kernel-hardening/) which is where much of the kernel hardening work is being coordinated.


As for Brad's criticisms of KASLR, he is not wrong in that it does not prevent attacks. However, when combined with other techniques it does make attacks harder to carry out and even blocks some. Any ASLR is vulnerable to information leaks as it relies on the attacker not knowing the memory layout. There are certainly attacks that can bypass ASLR or even discover the memory layout via brute force or side-channel attacks, but they are not always viable. Think of ASLR as just one layer in a multilayered defence. Generally speaking I think you are better off with KASLR than without despite its weaknesses, and if you look at Kees's blog you will find that it has been getting better.
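An added example to go with John's description of hardened usercopy; it is not code from this thread or from the Linux kernel. It is a user-space C model: a toy "slab" of four 64-byte objects stands in for a kmalloc cache, `check_object_size` models the bounds check hardened usercopy performs on every copy_to_user/copy_from_user (a copy that touches a heap object may not run past the end of that object), and `buggy_ioctl_read` is the classic driver bug that trusts a user-supplied length. All names, the slab layout and the "SECRET-KEY" content are constructed for the demo; the real kernel's check also covers the stack, text and other regions this model ignores.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy slab: four fixed-size kernel heap objects laid out back to back,
 * standing in for a kmalloc cache. Purely a model for illustration. */
#define OBJ_SIZE 64u
#define NOBJS    4u
unsigned char slab[OBJ_SIZE * NOBJS];

/* Stand-in for the user-space destination buffer (constructed). */
unsigned char demo_user_buf[OBJ_SIZE * NOBJS];

/* Model of the object-size check hardened usercopy applies on each
 * copy_to_user/copy_from_user: a copy that starts inside a slab object must
 * not extend past the end of that one object. Returns true when the copy is
 * allowed. Modelled on the kernel's check, not taken from it. */
bool check_object_size(const void *ptr, size_t n)
{
    uintptr_t base = (uintptr_t)slab;
    uintptr_t p = (uintptr_t)ptr;

    if (n == 0)
        return true;
    if (p + n < p)                          /* length wraps around */
        return false;
    if (p < base || p >= base + sizeof slab)
        return true;                        /* not a slab object: this model does not check it */

    uintptr_t obj_start = base + ((p - base) / OBJ_SIZE) * OBJ_SIZE;
    uintptr_t obj_end   = obj_start + OBJ_SIZE;
    return p + n <= obj_end;                /* must stay inside the single object */
}

/* Model of copy_to_user. Like the kernel's, it returns the number of bytes
 * NOT copied: 0 on success, n when the whole copy is refused. The `hardened`
 * flag selects whether the object-size check runs at all. */
size_t model_copy_to_user(void *user_dst, const void *kernel_src, size_t n,
                          bool hardened)
{
    if (hardened && !check_object_size(kernel_src, n))
        return n;
    memcpy(user_dst, kernel_src, n);
    return 0;
}

/* The bug hardened usercopy is meant to catch: an ioctl-style handler that
 * copies a user-chosen number of bytes out of a 64-byte heap object.
 * Returns how many bytes of *neighbouring* objects reached user space
 * (0 means nothing leaked). user_len must stay within the model slab. */
size_t buggy_ioctl_read(unsigned char *user_buf, size_t user_len, bool hardened)
{
    unsigned char *obj = slab + OBJ_SIZE;             /* object #1 */
    if (user_len > sizeof slab - OBJ_SIZE)            /* keep the demo inside the model */
        return 0;
    size_t not_copied = model_copy_to_user(user_buf, obj, user_len, hardened);
    if (not_copied)
        return 0;                                     /* copy refused: nothing leaked */
    return user_len > OBJ_SIZE ? user_len - OBJ_SIZE : 0;
}

int main(void)
{
    /* Constructed content: object #2 holds a "secret" right after the object the ioctl reads. */
    memset(slab, 0x41, sizeof slab);
    memcpy(slab + 2 * OBJ_SIZE, "SECRET-KEY", 10);

    size_t leaked_plain = buggy_ioctl_read(demo_user_buf, 128, false);
    size_t leaked_hard  = buggy_ioctl_read(demo_user_buf, 128, true);
    printf("without hardened usercopy: %zu bytes of other objects leaked\n", leaked_plain);
    printf("with    hardened usercopy: %zu bytes leaked (copy refused)\n", leaked_hard);
    return 0;
}
```

Requesting 128 bytes from a 64-byte object leaks the whole neighbouring object when the copy is unchecked; with the check in place the copy is refused and the caller sees a failure, which is exactly the class of bug (not the exploit) that the feature removes.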





More information about the ubuntu-hardened mailing list