Re: [kernel-hardening] System call interface changes

All of lore.kernel.org
 help / color / mirror / Atom feed

From: lazytyped <lazytyped@gmail.com>
To: kernel-hardening@lists.openwall.com
Subject: Re: [kernel-hardening] System call interface changes
Date: Mon, 7 Dec 2015 17:26:44 +0100	[thread overview]
Message-ID: <5665B344.6030706@gmail.com> (raw)
In-Reply-To: <5665A94C.6060102@redhat.com>



On 12/7/15 4:44 PM, Florian Weimer wrote:
> On 11/24/2015 10:43 PM, Kees Cook wrote:
>
>> Cool. Well, we can certainly look at existing public exploits and
>> PoCs. That's what I've been trying to collect on the Kernel
>> Self-Protection Project wiki pages. There are plenty of things we
>> could add to that list from the ROP world. Maybe it'd be good to look
>> through various exploit lists to find stuff that use techniques that
>> are either missing from the wiki page or are better examples? Do you
>> (or someone else) have time to go on a research/collection exercise?
> The proposal I have (and which prompted the question about the system
> call interface) is to block execve because many proof-of-concept exploit
> use execve or system to spawn a shell or run arbitrary commands.
So just drop that privilege? Pretty much any operating system implements
a form of sandboxing/privilege/capability filtering. It's, of course,
application specific.

Keep in mind that blocking execve leaves open chown(), chmod(), mount()
and a large number of other system calls that can be leveraged to
achieve a similar result.


     -  twiz

next prev parent reply	other threads:[~2015-12-07 16:26 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-11-20 10:30 [kernel-hardening] System call interface changes Florian Weimer
2015-11-20 19:16 ` Rich Felker
2015-11-24 19:54   ` Florian Weimer
2015-11-24 20:29     ` Rich Felker
2015-11-24 20:10 ` Kees Cook
2015-11-24 20:54   ` Florian Weimer
2015-11-24 21:43     ` Kees Cook
2015-12-07 15:44       ` Florian Weimer
2015-12-07 16:26         ` lazytyped [this message]
2015-11-24 22:33     ` Rich Felker

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5665B344.6030706@gmail.com \
    --to=lazytyped@gmail.com \
    --cc=kernel-hardening@lists.openwall.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.