About Ubuntu security

Kees Cook kees at ubuntu.com
Tue Jul 31 00:29:11 UTC 2007


On Mon, Jul 30, 2007 at 05:15:34PM -0700, Ng, Cheon-woei wrote:
> Thanks for the excellent answers!

You're welcome!  Your questions are forming the basis of my Ubuntu security
FAQ, so really I should be thanking you.  :)

> I also have a question on the kernel memory space security.  
> 
> Based on an experiment created by Mark Allyn (my colleague), if a device
> driver (like an audio driver) is poorly written without boundary checks, a
> user could exploit that security hole and can easily read or write to
> anywhere in the kernel memory space via an interface like /dev/audio.
> 
> Are there any security features in Ubuntu that prevent such an exploit? So
> far the only solution mentioned is to submit all device drivers for
> rigorous peer review.

Do you mean the /dev/mem interface, or that in general, device drivers
have access to all of kernel memory?

I am currently unaware of any in-kernel memory segmentation plans.
There are upstream plans to implement a form of stack-protection for
kernel functions, which should help minimize some attack vectors in
buggy drivers.

As for /dev/mem, I will need to check the state of progress.  There are
no Ubuntu-specific changes that I know of, but I know there was work in
various upstreams (e.g. kernel and X.org) to deal with the identified
deficiencies with that interface.

-Kees

-- 
Kees Cook


More information about the ubuntu-server mailing list