About Ubuntu security
Kees Cook
kees at ubuntu.com
Tue Jul 31 00:29:11 UTC 2007
On Mon, Jul 30, 2007 at 05:15:34PM -0700, Ng, Cheon-woei wrote:
> Thanks for the excellent answers!
You're welcome! Your questions are forming the basis of my Ubuntu security
FAQ, so really I should be thanking you. :)
> I also have a question on the kernel memory space security.
>
> Based on an experiment created by Mark Allyn (my college), if a device
> driver (like audio driver) is poorly written without boundary check, a
> user could exploit that security hole and can easily read or write to
> anywhere in the kernel memory space via an interface like /dev/audio.
>
> Are there any security features in Ubuntu that prevent such an exploit? So
> far the only solution mentioned is to submit all device drivers for
> rigorous peer review.
Do you mean the /dev/mem interface, or that in general, device drivers
have access to all of kernel memory?
I am currently unaware of any in-kernel memory segmentation plans.
There are upstream plans to implement a form of stack-protection for
kernel functions, which should help minimize some attack vectors in
buggy drivers.
As for /dev/mem, I will need to check the state of progress. There are
no Ubuntu-specific changes that I know of, but I know there was work in
various upstreams (e.g. kernel and X.org) to deal with the identified
deficiencies with that interface.
-Kees
--
Kees Cook