Overview
Syllabus
Intro
Making C Less Dangerous in the Linux kernel
Kernel Self Protection Project
C as a fancy assembler: almost machine code
C as a fancy assembler: undefined behavior
Variable Length Arrays and alloca () are bad
Variable Length Arrays are slow
Variable Length Arrays: stop it
Switch case fall-through: new "statement"
Always-initialized local variables: just do it
Always-initialized local variables: switch gotcha
Arithmetic overflow detection: gcc?
Arithmetic overflow detection: Clang :
Bounds checking: explicit checking is slow
Instead of sprintf(): scnprintf()
Instead of memcpy: uhhh ... be ... careful?
Bounds checking: memory tagging :
Control Flow Integrity: indirect calls
CFI, forward edges: just call pointers
CFI, forward edges: enforce prototype :
CFI, backward edges: two stacks
CFI, backward edges: shadow call stack
CFI, backward edges: hardware support
Where is the Linux kernel now?
Challenges in Kernel Security Development
Taught by
linux.conf.au