On Mon, Jul 30, 2007 at 05:15:34PM -0700, Ng, Cheon-woei wrote:
> Thanks for the excellent answers!

You're welcome! Your questions are forming the basis of my Ubuntu security FAQ, so really I should be thanking you. :)

> I also have a question on the kernel memory space security.
>
> Based on an experiment created by Mark Allyn (my colleague), if a device
> driver (like audio driver) is poorly written without boundary check, a
> user could exploit that security hole and can easily read or write to
> anywhere in the kernel memory space via an interface like /dev/audio.
>
> Are there any security features in Ubuntu that prevent such an exploit? So
> far the only solution mentioned is to submit all device drivers for
> rigorous peer review.

Do you mean the /dev/mem interface, or that in general, device drivers have access to all of kernel memory?

I am currently unaware of any in-kernel memory segmentation plans. There are upstream plans to implement a form of stack-protection for kernel functions, which should help minimize some attack vectors in buggy drivers.

As for /dev/mem, I will need to check the state of progress. There are no Ubuntu-specific changes that I know of, but I know there was work in various upstreams (e.g. kernel and X.org) to deal with the identified deficiencies with that interface.

-Kees

--
Kees Cook

--
ubuntu-server mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
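
The missing boundary check described in the quoted question, shown as an added example that is not part of the original thread and is not taken from any real driver. It is a userspace C model in which a flat array stands in for kernel memory; `arena`, `dev_read_unchecked` and `dev_read_checked` are hypothetical names, and the buffer contents are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Userspace model (constructed data): one flat arena stands in for kernel
 * memory. Bytes [0, DEV_LEN) are the driver's own buffer; everything after
 * that is unrelated data the driver's interface must never expose. */
#define DEV_LEN   16
#define ARENA_LEN 64
static unsigned char arena[ARENA_LEN] = "audio-samples...KERNEL-SECRET-XY";

/* Poorly written handler: trusts the caller-supplied offset and length. */
static long dev_read_unchecked(unsigned char *dst, size_t off, size_t len)
{
    memcpy(dst, arena + off, len);      /* never compared against DEV_LEN */
    return (long)len;
}

/* Checked handler: reject offsets outside the buffer and clamp the length.
 * The test is written as len > DEV_LEN - off so that off + len is never
 * computed and cannot wrap around for very large len. */
static long dev_read_checked(unsigned char *dst, size_t off, size_t len)
{
    if (dst == NULL || off > DEV_LEN)
        return -EINVAL;
    if (len > DEV_LEN - off)
        len = DEV_LEN - off;            /* short read at end of buffer */
    memcpy(dst, arena + off, len);
    return (long)len;
}

int main(void)
{
    unsigned char out[ARENA_LEN] = {0};
    long n = dev_read_unchecked(out, DEV_LEN, 6);

    printf("unchecked: %ld bytes \"%.6s\"\n", n, (const char *)out);
    printf("checked, at end of buffer: %ld\n", dev_read_checked(out, DEV_LEN, 6));
    printf("checked, offset past end:  %ld\n", dev_read_checked(out, DEV_LEN + 1, 6));
    printf("checked, huge length:      %ld\n", dev_read_checked(out, 8, (size_t)-1));
    return 0;
}
```

The same request that returns six bytes of neighbouring data from the unchecked handler returns a zero-length read from the checked one.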
