We went through some of the bugs that we have worked on this past year and mentioned some of our thoughts on kernel security in general:
- We see an increasing attack surface, both locally and remotely: web content now drives kernel code through features such as @font-face (font parsing runs in kernel mode on Windows) and WebGL (which reaches the graphics drivers).
- The recent focus on sandboxes (Chrome, Office) makes the kernel an even more interesting target: a sandboxed process can still make system calls, so a kernel bug is the natural way out of the sandbox.
- Modern operating systems still generally lack facilities for discretionary privilege dropping or for reducing the kernel attack surface a process can reach (with the notable exception of seccomp on Linux).
- While most OSes have some degree of protection against userland memory corruption exploits, kernel exploitation prevention is immature. On Linux, PaX/grsecurity leads the effort; on Windows, Microsoft added safe unlinking to the Windows 7 kernel pool.
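The seccomp mentioned in the list is, at the time, Linux's strict mode: a process opts in with prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) and is afterwards limited to read, write, exit and sigreturn. The following is an added example, not code from the talk, showing what that attack-surface reduction looks like from the process side. It uses the filter interface (seccomp-bpf, Linux 3.5 and later) to install the same allowlist in a child, because a filter can say which syscalls it allows; the function names install_syscall_allowlist and run_sandboxed are my own. Two details are easy to get wrong and are handled here: the filter checks the ABI before the syscall number, and exit_group is allowed because that is what glibc's _exit() actually issues (under the original strict mode, _exit() gets the process killed and you have to call the exit syscall directly).

```c
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U /* older headers; kernels before 4.14 treat it as KILL */
#endif

/* The filter must check the ABI first: i386 and x86_64 syscall numbers differ, so a
 * number-only allowlist on x86_64 could be bypassed through the 32-bit entry point. */
#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define SANDBOX_ARCH AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Install an allowlist mirroring seccomp strict mode (read, write, exit, sigreturn)
 * plus exit_group, which is what glibc's _exit() issues. Any other syscall kills the
 * process with SIGSYS. Returns 0 on success, -1 (errno set) on failure. */
static int install_syscall_allowlist(void)
{
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_read, 4, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_write, 3, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, 1, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_rt_sigreturn, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };
    /* Required for an unprivileged process to install a filter; it also prevents the
     * filter from being inherited by a setuid program, where selectively failing
     * syscalls could be used to subvert it. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* Run a child under the allowlist. If attempt_forbidden is nonzero the child also
 * calls getpid(), which is not on the list. Returns 0 if the child exited cleanly,
 * the signal number if it was killed, or -1 if the sandbox could not be set up. */
int run_sandboxed(int attempt_forbidden)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (install_syscall_allowlist() != 0)
            _exit(2);
        static const char msg[] = "write() is allowed\n";
        ssize_t n = write(STDOUT_FILENO, msg, sizeof(msg) - 1);
        (void)n;
        if (attempt_forbidden)
            syscall(SYS_getpid); /* raw syscall: the process dies here with SIGSYS */
        _exit(0);                /* exit_group, allowed by the filter */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return 0;
    return -1;
}

int main(void)
{
    int clean = run_sandboxed(0);
    int killed = run_sandboxed(1);
    printf("well-behaved child: %d (0 = exited normally)\n", clean);
    printf("child that called getpid(): killed by signal %d (SIGSYS is %d)\n", killed, SIGSYS);
    return 0;
}
```

Once the filter is in, the child can still do its I/O but cannot open files, map memory or call any of the hundreds of other syscalls that a kernel bug would be reached through; this is exactly the kind of facility the list says other operating systems were still missing.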
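Safe unlinking, as an added example in C (not code from the talk and not Microsoft's code): a LIST_ENTRY-style doubly linked list, the classic unlink that turns a corrupted entry into an attacker-chosen write, and the checked unlink of the kind the Windows 7 kernel pool introduced. The names unlink_unsafe, unlink_safe, g_victim and g_payload and the simulated kernel object are mine; a real kernel would bugcheck where unlink_safe returns -1.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Doubly linked list entry in the style of the NT LIST_ENTRY. */
typedef struct list_entry {
    struct list_entry *Flink;   /* next */
    struct list_entry *Blink;   /* previous */
} LIST_ENTRY;

/* Classic unlink: trusts the neighbour pointers stored in the entry itself. With
 * Flink/Blink overwritten by an overflow it becomes a write primitive:
 *   *(Blink + 0) = Flink   and then   *(Flink + sizeof(void *)) = Blink */
static void unlink_unsafe(LIST_ENTRY *e)
{
    LIST_ENTRY *next = e->Flink;
    LIST_ENTRY *prev = e->Blink;
    prev->Flink = next;
    next->Blink = prev;
}

/* Safe unlink: both neighbours must point back at the entry before it is removed.
 * Returns 0 on success, -1 if the list is corrupt (the kernel would bugcheck here). */
static int unlink_safe(LIST_ENTRY *e)
{
    LIST_ENTRY *next = e->Flink;
    LIST_ENTRY *prev = e->Blink;
    if (next->Blink != e || prev->Flink != e)
        return -1;
    prev->Flink = next;
    next->Blink = prev;
    return 0;
}

/* Simulated kernel state, constructed for this example. */
union victim {
    void *slot;             /* a pointer an attacker wants to hijack, e.g. a handler */
    LIST_ENTRY as_entry;    /* the same bytes as the unlink code will see them */
};
static union victim g_victim;
static LIST_ENTRY g_payload;   /* stands in for an attacker-controlled buffer */

/* Read the target slot byte-wise, as a debugger would, to avoid aliasing games. */
static void *observed_slot(void)
{
    void *p;
    memcpy(&p, &g_victim, sizeof p);
    return p;
}

static void build_list(LIST_ENTRY *head, LIST_ENTRY *e)
{
    head->Flink = e;  head->Blink = e;
    e->Flink = head;  e->Blink = head;
    g_victim.slot = NULL;
    memset(&g_payload, 0, sizeof g_payload);
}

/* Simulate an overflow into e's link fields: Blink selects the address written to,
 * Flink the value that ends up there. */
static void corrupt_entry(LIST_ENTRY *e)
{
    e->Blink = &g_victim.as_entry;
    e->Flink = &g_payload;
}

/* Returns 1 when the classic unlink turned the corruption into the intended write. */
int demo_unsafe_unlink(void)
{
    LIST_ENTRY head, e;
    build_list(&head, &e);
    corrupt_entry(&e);
    unlink_unsafe(&e);
    /* prev->Flink = next overwrote g_victim.slot with &g_payload. The second store,
     * next->Blink = prev, also wrote &g_victim into g_payload.Blink: the collateral
     * write that real exploits of this primitive have to tolerate. */
    return observed_slot() == (void *)&g_payload && g_payload.Blink == &g_victim.as_entry;
}

/* Returns 1 when the checked unlink refuses the corrupted entry and leaves the slot alone. */
int demo_safe_unlink(void)
{
    LIST_ENTRY head, e;
    build_list(&head, &e);
    corrupt_entry(&e);
    return unlink_safe(&e) == -1 && observed_slot() == NULL;
}

/* Returns 1 when the checked unlink still works for an intact list. */
int demo_legit_unlink(void)
{
    LIST_ENTRY head, e;
    build_list(&head, &e);
    return unlink_safe(&e) == 0 && head.Flink == &head && head.Blink == &head;
}

int main(void)
{
    printf("intact list, safe unlink ok:    %d\n", demo_legit_unlink());
    printf("corrupted, unsafe unlink hit:   %d\n", demo_unsafe_unlink());
    printf("corrupted, safe unlink refused: %d\n", demo_safe_unlink());
    return 0;
}
```

The check costs two loads and two compares per unlink and turns a silent write-what-where into a detectable inconsistency; it does not help against corruption that leaves the links consistent, which is why it is a mitigation rather than a fix.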