Date: Tue, 18 Oct 2016 15:13:00 +0200
From: Jann Horn <jann@...jh.net>
To: Vaishali Thakkar <vaishali.thakkar@...cle.com>
Cc: kernel-hardening@...ts.openwall.com,
	Julia Lawall <julia.lawall@...6.fr>
Subject: Re: Use-after-free and management of reference counts

On Tue, Oct 18, 2016 at 05:52:46PM +0530, Vaishali Thakkar wrote:
> Hi,
> 
> Recently I studied the reported CVEs of the last 2 years and there were
> a fair number of use-after-free bugs. Usually we also see many reports
> of use-after-free bugs in the LKML [reported by one or other tools].
> 
> Also, at Kernel Recipes Jonathan Corbet mentioned reference counts as
> a security issue. I believe if we have more kernel hardening patches
> then we can avoid such bugs. I was wondering if there is some ongoing
> work in both [use-after-free and management of reference counts]
> of these areas?

Use-after-frees are really hard to deal with. I think I saw some patch
semi-recently for randomizing kernel allocations, to make it harder to
exploit memory safety bugs, but actually fixing use-after-free is a
really hard problem.

For reference counting, refcount overdecrements are pretty much as
hard to deal with as UAFs, but for refcount overincrements, you can
take a look at Elena Reshetova's refcount hardening patch series (see
http://www.openwall.com/lists/kernel-hardening/2016/10/10/1).

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
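
The following is an added illustration, not part of the original message and not code from the linked patch series. It is a userspace model, with hypothetical names, of the asymmetry described in the reply: a counter overflow can be caught at the increment itself, while a duplicate decrement looks like any legitimate one.

```c
#include <limits.h>
#include <stdbool.h>

/* Hypothetical userspace model; names are illustrative, not kernel API.
 * unsigned int is used so that wraparound is well defined in C. */
struct ref { unsigned int count; };
#define REF_SATURATED UINT_MAX

/* Plain increment: wraps silently to 0 after UINT_MAX. */
void ref_get_plain(struct ref *r) { r->count++; }

/* Checked increment: the overflow is visible at the increment itself,
 * so the counter is pinned at the maximum instead of wrapping. */
void ref_get_checked(struct ref *r)
{
    if (r->count != REF_SATURATED)
        r->count++;
}

/* Returns true when the caller must free the object. A pinned counter
 * never reaches zero: the object is leaked rather than freed. */
bool ref_put(struct ref *r)
{
    if (r->count == REF_SATURATED)
        return false;
    return --r->count == 0;
}

/* Overincrement: a path that takes references without dropping them. */
bool leak_then_put_frees(void (*get)(struct ref *))
{
    struct ref r = { .count = UINT_MAX - 1 }; /* constructed: already leaked */
    get(&r);            /* UINT_MAX */
    get(&r);            /* plain: wraps to 0; checked: stays pinned */
    get(&r);            /* plain: 1 */
    return ref_put(&r); /* plain: 1 -> 0, freed while holders remain */
}

/* Overdecrement: both puts see a valid nonzero count, so no check at
 * the decrement can tell the duplicate from the legitimate one. */
bool extra_put_frees_early(void)
{
    struct ref r = { .count = 2 }; /* holders A and B */
    (void)ref_put(&r);             /* A drops its reference: 2 -> 1 */
    return ref_put(&r);            /* A's duplicate put: 1 -> 0, B dangles */
}
```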
