Widely Used But Out-Of-Tree, Kees Cook (that's pronounced Case)


1 Internal use only

Widely Used But Out-Of-Tree

Kees Cook

(that's pronounced “Case”) kees.cook@canonical.com

Linux Security Summit Boston, Aug 2010

http://people.canonical.com/~kees/slides/out-of-tree.pdf


Agenda

  • Past successes/compromises
  • Current successes
  • Living outside of mainline
  • Why isn't it upstream?
  • Cultural shift for the Linux kernel community

Past successes/compromises (userspace)

  • SELinux
  • ASLR of stack, mmap, exec, brk (x86 mostly)
  • SECCOMP (x86 mostly)
  • TOMOYO
  • SMACK
  • AT_RANDOM

Past successes/compromises (kernel)

  • mmap_min_addr
  • /dev/mem restrictions (x86 mostly)
  • CC_STACKPROTECTOR (x86 mostly)

Current successes

  • AppArmor

– In for 5 years on SUSE, 4 on Ubuntu

  • Yama

Living outside of mainline (part 1)

  • symlink/hardlink restrictions, 15 years old

– OpenWall, grsecurity, Ubuntu

  • partial NX emulation, 10 years old

– grsecurity, RedHat/Fedora, SUSE, Ubuntu

  • ASCII-armored addresses, 6 years old

– RedHat/Fedora, SUSE, Ubuntu (partially)

  • PTRACE restrictions, 4 years old?

– grsecurity, Ubuntu


Living outside of mainline (part 2)

  • fifo, /proc, NPROC, SHM restrictions, 8 years old?

– OpenWall, grsecurity

  • RSBAC, 5 years old?

– Mandriva

  • mprotect, and a giant list of other things, many via PaX

– grsecurity


Why isn't it upstream?

  • No one has tried
  • (Unreasonable) objections

Objections (part 1)

  • “this is a hack”

– yet majority/many/some distros use it?

  • “... but at the cost of speed”

– why can't this be a choice?


Objections (part 2)

  • “the perfect is the enemy of the good”

– defense against attack is, like biological systems, a matter of probability

– better to have an imperfect heuristic than a missing perfect system

– work around changes in userspace semantics (we are, after all, a Free Software community, right?)

– “perfect” is absolutely impossible (kernel vulnerabilities frequently undermine all other defense systems)


Cultural shift for the Linux kernel community

  • Acknowledge that vulnerabilities are a way of life
  • Lose the prejudice against optional defense mechanisms
  • Take responsibility to create a pro-actively secure system


Thank you for your time

kees.cook@canonical.com