Have you been frozen in a cave for a few years? Java has been the subject of a bunch of zero-day vulnerabilities lately.
By all means, continue burbling on about the magical, deadlock-free, realtime, garbage collected in kernel space, 1000 miles-per-gallon programming language, but at least try to pretend that you read the article and/or recent news.
It's also funny that you're advocating using a (presumably JITed) garbage collected programming language in the kernel, and this vulnerability exploits the BPF JIT.
Posted Nov 20, 2012 11:56 UTC (Tue) by man_ls (subscriber, #15091)
To be fair, this vulnerability exploits a combination of JIT and direct execution. If all kernel code was JITted with the same VM, then this kind of attack would be useless.
To be even fairer, to the point of unfairness, Java may have had vulnerabilities e.g. in executing protected code; but no buffer overflows. In C, every time a pointer is not checked for null before jumping, or an array index is not checked to be within bounds, there is an opportunity for a security vulnerability. I would trade 1000s of vulnerabilities for a handful any time, if it was even feasible to run a kernel in a VM.
In real life a kernel cannot run in a VM because it would need a kernel to run the VM -- or the VM would become the kernel. This is the way of the microkernel, which is slow. Embedding a VM inside another VM has no advantages and only slows things down even more.
On the other hand there is no reason why a kernel cannot be written in an object-oriented, reference-counted language. I have been thinking for a long time that it would be a worthwhile project, but for some reason have not found the time to do it in my spare time. Perhaps Golang would be a worthwhile instrument for the task.
a kernel cannot run in a VM
Posted Nov 20, 2012 21:46 UTC (Tue) by Wol (guest, #4433)
That was my immediate reaction.
Sorry to say it, but cyanit doesn't seem to understand the difference between a kernel and a VM.
A VM provides a *virtual* computer so that the programs don't need to give a fig what the real hardware is.
A kernel must interface directly with the hardware and cannot afford to ignore any figs.
Running a kernel in a VM is likely to vanish in a puff of smoke as it gets lost in a Möbius loop!