Attacking hardened Linux systems with kernel JIT spraying

Posted Nov 19, 2012 16:00 UTC (Mon) by khim (subscriber, #9252)
In reply to: Attacking hardened Linux systems with kernel JIT spraying by cyanit
Parent article: Attacking hardened Linux systems with kernel JIT spraying

> Well, if you wrote the kernel in a type-safe garbage-collected language (e.g. Java), then the static proof would be trivial since it is by construction impossible to violate the language invariants (assuming the VM and low-level support code is correct).

Unfortunately, this small addition at the end makes the whole thing useless: simple interpreter mode for languages like Java is too slow, and thus the "VM and low-level support code" is typically comparable in complexity to an OS kernel (in some sense it is an OS kernel).

> The real reason is that apparently nobody cares enough to do the work.

No. The real reason is that it takes time and does not pay.


Posted Nov 19, 2012 16:40 UTC (Mon) by drag (subscriber, #31333)

It's better to have buggy code that works now than it is to have something that may work in 30 years.

Posted Nov 20, 2012 3:07 UTC (Tue) by liam (subscriber, #84133)

Is there any reason why this work couldn't be done in parallel with kernel development?
There are parts of the kernel that are only touched rarely (ex. block/deadline-iosched, though there are probably better examples).
It seems as though this type of analysis might be a good long-term project.
Of course, if it is truly infeasible for any but the least interesting parts of the kernel then it is a waste of time.

Posted Nov 20, 2012 19:15 UTC (Tue) by mathstuf (subscriber, #69389)

> Of course, if it is truly infeasible for any but the least interesting parts of the kernel then it is a waste of time.

I suppose that since there's a high chance of it happening, the question boils down to: "What wins when the decision is between ABI compatibility and provably secure?"

