<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>SecDocs Feed for author Julien Tinnes</title>
    <link>http://secdocs.lonerunners.net</link>
    <atom:link type="application/rss+xml" href="http://secdocs.lonerunners.net/rss/author/872-julien-tinnes" rel="self"/>
    <description>Latest security documents RSS feed for author Julien Tinnes</description>
    <language>en-us</language>
    <item>
      <title>[Slides] There's a party at Ring0 (and you're invited)</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/872-julien-tinnes"&gt;Julien Tinnes&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/authors/details/65-tavis-ormandy"&gt;Tavis Ormandy&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/52-kernel"&gt;kernel&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/71-black-hat-usa-2010"&gt;Black Hat USA 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Getting to ring0 is the final step towards complete system compromise and can also be the most fun. In the course of one year, we have found around twenty kernel vulnerabilities, mostly in Windows and Linux, some of them being uncovered after ten or fifteen years of existence. We share some of this work and demonstrate some exploits, bugs and techniques.</description>
      <pubDate>Sat, 24 Sep 2011 16:18:42 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/4061-theres-a-party-at-ring0-and-youre-invited</link>
      <guid>http://secdocs.lonerunners.net/documents/details/4061-theres-a-party-at-ring0-and-youre-invited</guid>
    </item>
    <item>
      <title>[Slides] Security In-Depth for Linux Software</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/872-julien-tinnes"&gt;Julien Tinnes&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/authors/details/873-chris-evans"&gt;Chris Evans&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/5-security"&gt;security&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/tags/details/210-secure-development"&gt;secure development&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/44-hack-in-the-box-2009-malaysia"&gt;Hack In The Box 2009 Malaysia&lt;/a&gt; &lt;br/&gt;</description>
      <pubDate>Tue, 14 Sep 2010 10:40:00 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/2880-security-in-depth-for-linux-software</link>
      <guid>http://secdocs.lonerunners.net/documents/details/2880-security-in-depth-for-linux-software</guid>
    </item>
    <item>
      <title>[Paper] Security in depth for Linux software</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/872-julien-tinnes"&gt;Julien Tinnes&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/authors/details/873-chris-evans"&gt;Chris Evans&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/5-security"&gt;security&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/41-black-hat-eu-2010"&gt;Black Hat EU 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: In many designs, the slightest error in the source code may become an exploitable vulnerability granting an attacker barely or not at all restricted access to a system. In this talk, using vsftpd and Google Chrome Linux as examples, we will firstly show how to design your code to be more robust to well-known classes of vulnerabilities and secondly, how to generically mitigate the consequences of such a vulnerability by dropping privileges and reducing attack surfaces. There are a surprising number of options in Linux to manage privileges, but using them tends to be nuanced. This talk will discuss the technical aspects of various options and explain how to mix them to raise the bar to a system compromise from a sophisticated attacker. While Mandatory Access Control systems are readily available, three of them being merged in the current Linux kernel tree, the ability to drop privileges in a "discretionary" way often has to rely on ancient mechanisms (which may not have been designed for security). We will show the state of the art on Linux and how well-known mechanisms, such as switching to an unprivileged uid, using chroot() and capabilities may or may not be suitable to achieve decent privilege dropping. We will discuss their drawbacks, availabilities to non-root processes and how an incorrect usage could be exploited by an attacker to circumvent security measures.
We will then explain and demonstrate designs, some of them using novel ideas or obscure features that can allow developers to put error-prone parts of their code inside a sandbox, using vsftpd and the Google Chrome Linux sandbox as examples. We will discuss their limitations and how further kernel support could improve them.</description>
      <pubDate>Tue, 22 Jun 2010 06:03:56 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/2574-security-in-depth-for-linux-software</link>
      <guid>http://secdocs.lonerunners.net/documents/details/2574-security-in-depth-for-linux-software</guid>
    </item>
  </channel>
</rss>

