Android: protecting the kernel
Posted gm-201705
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Android: protecting the kernel相关的知识,希望对你有一定的参考价值。
Linux内置安全机制
- Address space separation/process isolation
- unix permissions
- DAC capabilities
- SELinux
- seccomp
- namespaces
- …
内核Top 漏洞分类(按数量排序包括Core kernel 与 Vendor drivers,数据日期January 2014 -> April 2016)
- missing/incorrect bounds check
- null pointer defeference
- information leak
- missing permission check
- use after free
- race condition
- memory corruption(other)
- other
- integer overflow
- uninitialized data
利用缓解,安全机制- missing/incorrect bounds check(Landing in upstream kernel!)
- Hardened usercopy
- Protect against incorrect bounds checking in copy_*_user()
- PAN emulation
- Protect against kernel access to userspace bypassing hardened usercopy changes.
- Stack protector strong
- protects against stack buffer overflows
- KASLR (arm64 android-4.4 kernel)
- Makes code reuse attacks probabilistic
- PXN - make userspace non-executable for the kernel
- Protects against ret2user attacks
- RODATA - mark kernel memory as read-only/no-execute
- Makes code non-writeable, and data non-executable
漏洞利用缓解机制 - null pointer dereference
- CONFIG_LSM_MMAP_MIN_ADDR
- Make null pointer dereference unexploitable (just crash)
- PAN emulation also make null pointer
- dereference non-exploitable
一些安全建议
Android主线上的内核代码质量要优于厂商驱动代码:
- 厂商如何提升驱动代码安全质量? Step2
- Compiler changes e.g. integer overflow checking(clang 3.5+与gcc 5.0+都有integer overflow 检测)
- Scripts e.g. checkpatch.pl (checkpatch.pl可执行质量和简单漏洞检测)
- Runtime changes - e.g. PAN enforce proper use of copy_*_user() (Privileged Access Never)
- KASAN (内存错误检测)
- Constification (const声明)
利用缓解 - 减少攻击面(Linux权限模型,与SEAndroid策略配置)Setp1
- Restrict access to perf(限制perf访问)
- Access to perf_event_open() is disabled by default.
- Developers may re-enable access via debug shell
- Remove access to debugfs (限制debugfs访问,Android N完全禁止APP访问)
- All app access to debugfs removed in N
- Remove default access to /sys (白名单限制/sys访问)
- App access to files in /sys must be whitelisted
- Seccomp required for all devices (minijail shoutout!)
驱动代码安全质量控制:
- 安全编码规范,动静态安全检查(KASAN,checkpatch.pl等),安全编译选项
- 打开所有漏洞利用缓解机制
- 通过SELinux策略与Linux权限控制,减小驱动接口攻击面
以上是关于Android: protecting the kernel的主要内容,如果未能解决你的问题,请参考以下文章
poj 3262 Protecting the Flowers
POJ 3362 Protecting the Flowers
POJ3262 Protecting the Flowers 贪心