  • Android: protecting the kernel

    Linux内置安全机制

    • Address space separation/process isolation
    • unix permissions
    • DAC capabilities
    • SELinux
    • seccomp
    • namespaces

    Top kernel vulnerability classes (ranked by count, covering both the core kernel and vendor drivers; data from January 2014 to April 2016)

    1. missing/incorrect bounds check
    2. null pointer dereference
    3. information leak
    4. missing permission check
    5. use after free
    6. race condition
    7. memory corruption(other)
    8. other
    9. integer overflow
    10. uninitialized data

    Exploit mitigations and security mechanisms - missing/incorrect bounds check (landing in the upstream kernel!)

    • Hardened usercopy
      • Protect against incorrect bounds checking in copy_*_user()
    • PAN emulation
      • Protect against kernel access to userspace bypassing hardened usercopy changes.
    • Stack protector strong
      • Protects against stack buffer overflows
    • KASLR (arm64 android-4.4 kernel)
      • Makes code reuse attacks probabilistic
    • PXN - make userspace non-executable for the kernel
      • Protects against ret2user attacks
    • RODATA - mark kernel memory as read-only/no-execute
      • Makes code non-writeable, and data non-executable

    Exploit mitigations - null pointer dereference

    • CONFIG_LSM_MMAP_MIN_ADDR
      • Make null pointer dereference unexploitable (just crash)
    • PAN emulation
      • Also makes null pointer dereferences non-exploitable

    Some security recommendations

    The kernel code in Android mainline is of higher quality than vendor driver code:
    - How can vendors improve the security quality of driver code? Step 2
    - Compiler changes, e.g. integer overflow checking (both clang 3.5+ and gcc 5.0+ provide integer overflow detection)
    - Scripts, e.g. checkpatch.pl (checkpatch.pl performs code quality checks and simple vulnerability detection)
    - Runtime changes, e.g. PAN (Privileged Access Never) enforces proper use of copy_*_user()
    - KASAN (memory error detection)
    - Constification (const declarations)
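    The two most common classes in the list above, a missing or incorrect bounds check and an integer overflow, often appear together: a driver validates a user-supplied (offset, length) pair with arithmetic that wraps, so the check passes and the later copy_*_user() runs out of bounds. The following is an added example, not code from the slides or from the Android kernel tree. It models that ioctl-style validation in plain userspace C: `naive_check()` is the wrapping pattern, `hardened_check()` uses the overflow-detecting builtins that the text credits to clang 3.5+ and gcc 5.0+, and `dev_read()` shows the validation sitting in front of the copy. The 64-byte device buffer and the request layout are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a driver's per-device state; a real driver would
   receive the request via copy_from_user() in its ioctl handler. */
#define DEV_BUF_SIZE 64u
static unsigned char dev_buf[DEV_BUF_SIZE];

/* Wrapping bounds check: offset + len is computed in 32-bit arithmetic, so
   offset=0xFFFFFFF0, len=0x20 wraps to 0x10 and is accepted although the
   range lies far outside the buffer. This is the defect, kept deliberately. */
bool naive_check(uint32_t offset, uint32_t len) {
    uint32_t end = offset + len;  /* may wrap */
    return end <= DEV_BUF_SIZE;
}

/* Hardened check: __builtin_add_overflow (gcc 5.0+ / clang 3.5+) reports the
   wrap instead of silently producing a small value; only then is the end
   compared against the real buffer size. */
bool hardened_check(uint32_t offset, uint32_t len) {
    uint32_t end;
    if (__builtin_add_overflow(offset, len, &end))
        return false;
    return end <= DEV_BUF_SIZE;
}

/* Read path shaped like an ioctl: validate first, copy second. Returns the
   number of bytes copied, or -1 when the request fails validation or the
   caller's buffer is too small. */
int dev_read(uint32_t offset, uint32_t len, unsigned char *out, size_t out_cap) {
    if (!hardened_check(offset, len) || len > out_cap)
        return -1;
    memcpy(out, dev_buf + offset, len);  /* stands in for copy_to_user() */
    return (int)len;
}

int main(void) {
    unsigned char out[DEV_BUF_SIZE];
    printf("naive_check(0xFFFFFFF0, 0x20)    = %d\n", naive_check(0xFFFFFFF0u, 0x20u));
    printf("hardened_check(0xFFFFFFF0, 0x20) = %d\n", hardened_check(0xFFFFFFF0u, 0x20u));
    printf("dev_read(8, 16)                  = %d\n", dev_read(8, 16, out, sizeof out));
    printf("dev_read(60, 8)                  = %d\n", dev_read(60, 8, out, sizeof out));
    return 0;
}
```

The same shape applies when the bound is a kernel object size rather than a device buffer; the point is that the wrap is detected before any memory is touched, which is also what hardened usercopy enforces for the copy itself.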

    Exploit mitigation - attack surface reduction (Linux permission model and SEAndroid policy configuration) Step 1

    • Restrict access to perf
      • Access to perf_event_open() is disabled by default.
      • Developers may re-enable access via the debug shell
    • Remove access to debugfs (Android N blocks app access to debugfs entirely)
      • All app access to debugfs removed in N
    • Remove default access to /sys (whitelist-based restriction of /sys access)
      • App access to files in /sys must be whitelisted
    • Seccomp required for all devices (minijail shoutout!)

    Driver code security quality control:

      1. Secure coding standards, static and dynamic security checks (KASAN, checkpatch.pl, etc.), and secure compiler options
      2. Enable all exploit mitigation mechanisms
      3. Reduce the attack surface of driver interfaces through SELinux policy and Linux permission controls
  • Original source: https://www.cnblogs.com/gm-201705/p/9863966.html