Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Wednesday November 11 2015, @09:17PM   Printer-friendly
from the your-code-looks-like-swiss-cheese dept.

The Washington Post published an article today which describes the ongoing tension between the security community and Linux kernel developers. This has been roundly denounced as FUD, with Rob Graham going so far as to claim that nobody ever attacks the kernel.

Unfortunately he's entirely and demonstrably wrong, it's not FUD and the state of security in the kernel is currently far short of where it should be.

[Here is] an example. Recent versions of Android use SELinux to confine applications. Even if you have full control over an application running on Android, the SELinux rules make it very difficult to do anything especially user-hostile. Hacking Team, the GPL-violating Italian company who sells surveillance software to human rights abusers, found that this impeded their ability to drop their spyware onto targets' devices. So they took advantage of the fact that many Android devices shipped a kernel with a flawed copy_from_user() implementation that allowed them to copy arbitrary userspace data over arbitrary kernel code, thus allowing them to disable SELinux.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by MichaelDavidCrawford on Thursday November 12 2015, @11:47AM

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Thursday November 12 2015, @11:47AM (#262112) Homepage Journal

    The iOS - as far as we know - uses a port of the Mac OS X kernel xnu. xnu is a massive fork of BSD. While it is built around the Mach microkernel, Mach is statically-linked, it doesn't run in a separate process as Andy envisioned.

    Every last userspace process on iOS runs as root. Surely Apple had some good reason to make that choice but it strikes me as a very, very bad idea. The ARM cores employed in iOS devices _do_ have hardware memory management, so what we have is security enforced by the iOS sandbox rather than by the usual UNIX permissions model.

    Many of those programs are built from Open Source. While a generally reluctant participant in the Open Source and Free Software communities, Apple _does_ release source for those programs [apple.com] when it ships new firmware builds.

    • Do.
    • Yer.
    • Worst.
    --
    Yes I Have No Bananas. [gofundme.com]
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2