We went through some of the bugs that we have worked on this past year and mentioned some of our thoughts on kernel security in general:
- We see an increasing attack surface, both locally and remotely (@font-face, WebGL, ...)
- The recent focus on sandboxes (Chrome, Office) makes the kernel an even more interesting target
- Modern operating systems still generally lack facilities for discretionary privilege dropping or for reducing the kernel's attack surface (with the notable exception of SECCOMP on Linux)
- While most OSes have some degree of userland memory corruption exploitation prevention, kernel exploitation prevention is immature. On Linux, PaX/grsecurity leads the effort, and Microsoft added safe unlinking in the Windows 7 kernel.
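To make the last point concrete, here is an added example (not code from the talk or from any vendor) of what safe unlinking checks: a classic doubly-linked-list unlink trusts both neighbour pointers, while the hardened form refuses to unlink an entry whose neighbours no longer point back at it. The list layout, the `fake` entry and the corruption are constructed for the demonstration.

```c
#include <stdbool.h>
/* Entry modelled on a kernel LIST_ENTRY (assumed layout, not Windows code). */
typedef struct list_entry {
    struct list_entry *flink;
    struct list_entry *blink;
} list_entry;
static void list_init(list_entry *head) { head->flink = head->blink = head; }

static void list_insert_tail(list_entry *head, list_entry *e) {
    e->flink = head;
    e->blink = head->blink;
    head->blink->flink = e;
    head->blink = e;
}

/* Classic unlink: trusts both neighbour pointers, so a corrupted entry turns
 * the two stores into writes through whatever addresses the corruption set. */
static void unsafe_unlink(list_entry *e) {
    e->blink->flink = e->flink;
    e->flink->blink = e->blink;
}

/* Safe unlink (the Windows 7 kernel style check): remove e only when both
 * neighbours still point back at it; otherwise refuse (a kernel bugchecks). */
static bool safe_unlink(list_entry *e) {
    if (e->flink->blink != e || e->blink->flink != e)
        return false;
    e->blink->flink = e->flink;
    e->flink->blink = e->blink;
    return true;
}

/* Build head->a->b->c, corrupt b's forward link with a constructed pointer
 * (standing in for an overflow) and compare the two unlink variants. Returns 1
 * when safe_unlink rejects b yet still unlinks the intact a, while
 * unsafe_unlink silently writes through the corrupted link into `fake`. */
static int demo_safe_unlink(void) {
    list_entry head, a, b, c, fake;
    list_init(&head);
    list_insert_tail(&head, &a);
    list_insert_tail(&head, &b);
    list_insert_tail(&head, &c);
    fake.flink = fake.blink = &fake;
    b.flink = &fake;                      /* the corrupted entry */
    bool rejected = !safe_unlink(&b);
    bool intact_ok = safe_unlink(&a) && head.flink == &b;
    unsafe_unlink(&b);                    /* no check: fake.blink overwritten */
    bool wrote_through = (fake.blink == &head);
    return (rejected && intact_ok && wrote_through) ? 1 : 0;
}
```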
Thank you for posting your slides.
Excellent presentation with amazing bugs. Although it is true that kernel exploitation mitigations are a bit behind when compared to userland, they are being increasingly adopted. I have written about the kernel exploitation mitigations on FreeBSD here: http://argp.gr/blog/2010/04/26/kernel-exploitation-mitigations/
Btw Julien I really enjoyed your Black Hat EU 2010 presentation as well.