[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1453221128.3734.26.camel@decadent.org.uk>
Date: Tue, 19 Jan 2016 16:32:08 +0000
From: Ben Hutchings <ben@...adent.org.uk>
To: kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org
Subject: Re: [kernel-hardening] 2015 kernel CVEs
On Tue, 2016-01-19 at 14:28 +0300, Dan Carpenter wrote:
> I like to look back over old CVEs to see how we could do better. Here
> is the list from 2015. I got most of this information from the Ubuntu
> CVE tracker. Thanks Ubuntu!. If it doesn't have a hash that means it
> might not be fixed yet.
[...]
> CVE-2013-2015 0e9a9a1ad619: ext4: hang during mount
[...]
That's not *from* 2015.
You missed a few recent ones:
CVE-2015-7566 : Crash on invalid USB device descriptors in visor driver
CVE-2015-8550 54d5d882c7e4, 0f589967a73f, 68a33bfd8403, 1f13d75ccb80, 18779149101c, be69746ec12f, 8135cf8b0927: paravirtualized drivers incautious about shared memory contents
CVE-2015-8551 56441f3c8e5b, 5e0ce1455c09, a396f3a210c3, 7cfb905b9638, 408fb0e5aa7f: Linux pciback missing sanity checks leading to crash
CVE-2015-8552 56441f3c8e5b, 5e0ce1455c09, a396f3a210c3, 7cfb905b9638, 408fb0e5aa7f: Linux pciback missing sanity checks leading to crash
(There's some subtle distinction between the last two.)
[...]
> There was only a coupls CVEs that looks like they came from a filesystem
> fuzzer where you create a corrupt filesystems and then try use them.
> There was only one that might have come from a USB fuzzer. We probably
> should be testing those things better.
I think that hardening filesystems is a losing battle. We can fuzz
with and protect against invalid static filesystem images, but the full
problem includes malicious removable storage devices that can exploit
TOCTTOU issues. We should probably be encouraging distributions to
mount removable devices using FUSE and to run the filesystem code with
minimal privileges.
As for USB descriptors, I'm somewhat more hopeful about hardening. At
the same time, it seems like it should be practical to put more low-
performance USB drivers into userspace.
[...]
> A lot of the bugs are just really complicated things with funny corner
> cases, namespace issues or people just made mistake in the logic and
> it's hard to do anything about it.
We can add chicken bits so that admins who don't need certain features
can turn them off (or, inversely, those who do need them will need to
turn them on).
Ben.
--
Ben Hutchings
Horngren's Observation:
Among economists, the real world is often a special case.
Download attachment "signature.asc" of type "application/pgp-signature" (812 bytes)
Powered by blists - more mailing lists