
Horn: Mitigations are attack surface, too

On the Google Project Zero blog, Jann Horn looks at a number of vulnerabilities in a Samsung Android kernel, some of which are caused by the addition of out-of-tree "security" features. "The Samsung kernel on the A50 contains an extra security subsystem (named 'PROCA', short for 'Process Authenticator', with code in security/proca/) to track process identities. By combining several logic issues in this subsystem (which, on their own, can already cause a mismatch between the tracking state and the actual process state) with a brittle code pattern, it is possible to cause memory unsafety by winning a race condition."



Posted Feb 12, 2020 18:10 UTC (Wed) by Deleted user 129183 (guest, #129183) [Link] (13 responses)

Google heroically solving problems that they caused themselves, I see.


Posted Feb 12, 2020 18:48 UTC (Wed) by pkern (subscriber, #32883) [Link] (12 responses)

How so? After all, this seems to have been an out-of-tree patch by Samsung?


Posted Feb 12, 2020 20:12 UTC (Wed) by clugstj (subscriber, #4020) [Link]

Just generic Google bashing


Posted Feb 12, 2020 23:39 UTC (Wed) by Deleted user 129183 (guest, #129183) [Link] (10 responses)

> How so?

They encouraged, or at least didn’t try to prevent, the Android fragmentation. They had the tools to discourage it: for example, they could have disallowed use of the Android trademark by vendors who tried to add ‘device-specific code’ without contributing it upstream. So we ended up with a completely dysfunctional “ecosystem” where there’s no one “Android” system: instead, we have millions of incompatible forks, with all their implications, including security implications, as described in the article.


Posted Feb 13, 2020 1:23 UTC (Thu) by pizza (subscriber, #46) [Link] (7 responses)

Allowing "fragmentation" (aka "proprietary value add") is the primary reason Android succeeded.

As for upstream contribution, remember this is the same Google that replaced every GPL userspace with a more permissively licensed one. Meanwhile, they're working on doing that for the Linux kernel too.

Meanwhile, Google's attempts to attach conditions to the use of its trademarks have them up on antitrust charges in multiple jurisdictions.


Posted Feb 13, 2020 4:30 UTC (Thu) by pj (subscriber, #4506) [Link] (4 responses)

> Allowing "fragmentation" (aka "proprietary value add") is the primary reason Android succeeded.

IMO "proprietary value add" belongs as apps or as a HAL with a standardized API (à la Project Treble), not in Android core. Requiring non-software companies to maintain their own fork of an OS is just insane.


Posted Feb 13, 2020 8:06 UTC (Thu) by tuna (guest, #44480) [Link] (3 responses)

If you want to do new unique hardware (like big.LITTLE cores, double screens, other stuff) you will need to change the core system. It is actually about freedom for manufacturers, which makes it possible to have freedom for end users as well.


Posted Feb 15, 2020 10:23 UTC (Sat) by oldtomas (guest, #72579) [Link] (1 responses)

" [...] freedom for manufacturers which makes it possible to have freedom for end users as well"

Now this is one bold claim.

Based on experience, I'd say the results are very mixed, in both directions?


Posted Feb 15, 2020 11:50 UTC (Sat) by tuna (guest, #44480) [Link]

You can compare how much freedom end users had on Windows phones. On some Android phones (like the Sony Xperia Z3) it is possible to run a fully free operating system (with the need for some blobs for certain hardware enablement).


Posted Feb 18, 2020 10:24 UTC (Tue) by immibis (subscriber, #105511) [Link]

And then they can contribute that code upstream, to comply.


Posted Feb 13, 2020 8:01 UTC (Thu) by ILMostro (guest, #105083) [Link] (1 responses)

The question then becomes, did Linux succeed in spite of the GPL or because of it? And, where does it go through Google's vision?


Posted Feb 14, 2020 9:24 UTC (Fri) by dvdeug (guest, #10998) [Link]

I don't think there's any claim that Linux could have succeeded without being Free Software. I doubt going semi-free would have worked; a lot of early distribution was done on commercial CD-ROMs, that couldn't have been done with a NC license, and many commercial companies kicked in over the years. We can debate whether the BSD license would have worked; I think GPL is better, but the AT&T lawsuit made the legal status of BSD between 1992 and 1994 confusing, which gave Linux some time to grab market and mind share.

I think it's clear that Linux and the BSDs smoked commercial Unixes, and I think it's clear that's because they were open systems that both individual hackers and various companies could use and distribute. MacOS X is the major commercial Unix left, and they're playing a game that only Apple really successfully plays. The rest is legacy systems and possibly certain huge or specialized systems.


Posted Feb 13, 2020 13:32 UTC (Thu) by tuna (guest, #44480) [Link] (1 responses)

What would happen if upstream would not accept the contributed code? It would be pretty crazy for Google to have their trademark policy depend on Linus Torvalds and others.


Posted Feb 18, 2020 10:23 UTC (Tue) by immibis (subscriber, #105511) [Link]

Upstream from Samsung is Google.


Posted Feb 13, 2020 8:58 UTC (Thu) by bangert (subscriber, #28342) [Link] (1 responses)

It is sad how obvious his conclusions are.

There is a huge disconnect between the top security researchers and the bulk of the IT Security industry - to the degree that they are actually saying the opposite of each other.


Posted Feb 15, 2020 7:10 UTC (Sat) by xophos (subscriber, #75267) [Link]

Researchers care about actual safety. The IT security industry just sells snake oil to make money.


Copyright © 2020, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds