Difference between revisions of "Kernel Self Protection Project/Work"

From Linux Kernel Security Subsystem
Jump to navigation Jump to search
(→‎Specific TODO Items: add github tracker)
(the issue track is canonical now)
 
Line 1: Line 1:
= Work Areas =
= Work Areas =


The [[Kernel Self Protection Project]] has a lot of work to do! While there are already a number of upstream [[Feature List|kernel security features]], we are still missing many. The following is far from a comprehensive list, but it's at least a starting point we can add to:
The [[Kernel Self Protection Project]] has a lot of work to do! While there are already a number of upstream [[Feature List|kernel security features]], we are still missing many.
 
For the list of specific items and desired features, see the [https://github.com/KSPP/linux/issues KSPP Issue Tracker].
 
General concepts and concerns are here:
 


== [[Bug Classes]] ==
== [[Bug Classes]] ==
Line 21: Line 26:
* [[Exploit Methods/Userspace data usage|Userspace data usage]]
* [[Exploit Methods/Userspace data usage|Userspace data usage]]
* [[Exploit Methods/Reused code chunks|Reused code chunks]]
* [[Exploit Methods/Reused code chunks|Reused code chunks]]
= Specific TODO Items =
Besides the general work outlined above, there are number of specific tasks that have either been asked about frequently or are otherwise in need some time and attention. This list below is slightly out of date, and we are transitioning to better tracking here:
https://github.com/KSPP/linux/issues
== Kernel items ==
* Split thread_info off of kernel stack (Done: x86, arm64, s390, powerpc. Needed on arm and others?)
* Move kernel stack to vmap area (Done: x86, s390. Needed on arm, arm64, powerpc and others?)
* Implement kernel relocation and KASLR for ARM
* Make CONFIG_STRICT_KERNEL_RWX and CONFIG_STRICT_MODULE_RWX mandatory (done for arm64 and x86, other archs still need it)
* Further restriction of perf_event_open (e.g. perf_event_paranoid=3)
* Extend HARDENED_USERCOPY to split user-facing kmalloc()s and in-kernel kmalloc()
* split short-lived kmalloc()s from long-lived kmalloc()s
* split user-size-controlled kmalloc()s from regular kmalloc()s
* protect ARM vector table as fixed-location kernel target
* disable kuser helpers on arm
* add constant-blinding tests to lib/test_bpf.c
* rename CONFIG_DEBUG_LIST better and default=y
* create defconfig "make" target for by-default hardened Kconfigs
* expand use of __ro_after_init, especially in arch/arm64
* restrict autoloading of kernel modules (like GRKERNSEC_MODHARDEN) ([http://www.openwall.com/lists/kernel-hardening/2017/02/02/21 Timgad LSM])
* set_memory_*() needs __must_check and/or atomicity
* refactor tasklets to avoid unsigned long argument (WIP: Romain Perier <romain.perier@gmail.com>, "rperier" on FreeNode)
* have kfree() (and related) set the pointer to NULL too
* create per-task stack canary (Done: x86, arm, arm64, powerpc. Needed on s390 and others?)
* deprecate strcpy() in favor of strscpy()
* deprecate strlcpy() in favor of strscpy()
* deprecate strncpy() in favor of strscpy(), strscpy_pad(), or str2mem_pad()
* fix sizeof_field() vs SIZEOF_FIELD() vs FIELD_SIZEOF() (WIP: Shyam Saini <mayhs11saini@gmail.com>)
* expand use of opt-in mult/div/add/sub overflow wrappers
* WARN on kfree() of ERR_PTR range (WIP: Shyam Saini <mayhs11saini@gmail.com>)
* add detection for double-reads
* add FORTIFY_SOURCE checks to strscpy*()
* add static_branch for iopl removal (and zeroing?)
* enhance objtool to search for ROP gadgets
* signed integer overflow detection
* unsigned integer overflow detection
* exec brute force detection
== Compiler items ==
* Write a plugin to do format string warnings correctly (gcc's -Wformat-security is bad about const strings)
* Finish Clang implementation of __randomize_layout
* Implement clearing of caller-saved regs (https://github.com/clearlinux-pkgs/gcc/blob/master/zero-regs-gcc8.patch)

Latest revision as of 18:41, 10 August 2020

Work Areas

The Kernel Self Protection Project has a lot of work to do! While there are already a number of upstream kernel security features, we are still missing many.

For the list of specific items and desired features, see the KSPP Issue Tracker.

General concepts and concerns are here:


Bug Classes

Exploitation Methods