Stories
Slash Boxes
Comments

SoylentNews is people

Google Beefs Up Linux Kernel Defenses in Android

posted by n1 on Saturday July 30 2016, @07:21PM   Printer-friendly
from the beef-but-no-bacon dept.

Arthur T Knackerbracket has found the following story:

Future versions of Android will be more resilient to exploits, thanks to developers' efforts to integrate the latest Linux kernel defenses into the operating system.

Android's security model relies heavily on the Linux kernel that sits at its core. As such, Android developers have always been interested in adding new security features that are intended to prevent potentially malicious code from reaching the kernel, which is the most privileged area of the operating system.

[...] One new configuration option called CONFIG_DEBUG_RODATA segments the kernel memory into multiple sections and limits how much of this memory is writeable and executable. Attackers need writeable and executable memory pages in order to inject malicious code into them via exploits, and then run that code with kernel privileges.

Another config option, called CONFIG_CPU_SW_DOMAIN_PAN, prevents the kernel from directly accessing user space memory, giving attackers even less control over where their exploits can execute code.

Also reported at The Register.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Google Beefs Up Linux Kernel Defenses in Android | Log In/Create an Account | Top | 15 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by dltaylor on Saturday July 30 2016, @11:24PM

    by dltaylor (4693) on Saturday July 30 2016, @11:24PM (#382096)

    While the Linux kernel does have some documented security weaknesses, the REAL problem with Android is the crap that Google allows, starting with allowing manufacturers to abandon phones, tablets, and devices without security updates. "Heartbleed" will be fixed on a billion Android devices when?

    Secondly, it's the spyware, like the voicemail app on my phone that would like to scrape voicemails from my provider, ship them to a server God-knows-where to be datamined, and, presumably (never signed up) sent back as text. For one thing, there's no "Disable" button for it, and EVERYTHING, even Google's own apps, should have one, and secondarily, there's enough horsepower in the phone to translate the speech to text locally, without going outside the box.

    In my case, the damages are minimal, because I have a "no-data" plan, and leave the WiFi off, except for a few minutes, here and there, when I need to download someone's multimedia text. It's still annoying to have half the phone's memory eaten up by crapware I have no intention of using.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: -1, Troll) by Anonymous Coward on Saturday July 30 2016, @11:34PM

    by Anonymous Coward on Saturday July 30 2016, @11:34PM (#382101)

    Cool story, rms jr.

  • (Score: 2) by Hyperturtle on Sunday July 31 2016, @05:39PM

    by Hyperturtle (2824) on Sunday July 31 2016, @05:39PM (#382327)

    I resist the use of Android phones because I still cling to that motto of "you get what you pay for". That can be via individual effort or direct financial transactions.

    It's not worth the cost to me to ensure an android phone provides me the privacy I want out of it. It's simply a loss in my mind. It's too hard for the return I think I'd get. The return on investment does not exist favorably enough for me to make the commitment to it -- I mean, the OS was designed from the ground up to get people to accept advertising. They gave it away for FREE! It's not like Linux free, it's Corporate Handshake free!

    That you are upset that half the phone it tied up trying to run crapware you don't care about... sounds like you paid for the wrong product.