Explore the critical issue of buffer overflow vulnerabilities in the Linux Kernel through this 46-minute conference talk from linux.conf.au 2022. Delve into the challenges of heap buffer overflows and learn why compiler-based detection has been difficult despite having sufficient context. Examine real-world examples from the past three years of heap buffer overflow CVEs, including the BleedingTooth exploit. Discover the ongoing efforts to develop solutions for array index overflows, string manipulation overflows, and memcpy overflows in the Linux kernel. Gain insights into C language limitations, kernel coding conventions, and compiler bugs that have hindered progress. Follow the evolution of C flexible arrays, understand the shortcomings of compiler options like "-Warray-bounds" and "-fsanitize=bounds", and learn about the limitations of "__builtin_object_size". Finally, explore how memcpy is being replaced to prevent future overflow vulnerabilities, enhancing the security of the Linux Kernel.
Overview
Syllabus
"Meaningful Bounds Checking in the Linux Kernel" - Kees Cook (LCA 2022 Online)
Taught by
linux.conf.au
Related Courses
-
Meaningful Bounds Checking in the Linux Kernel - Addressing Buffer Overflows
-
Progress on Bounds Checking in C and the Linux Kernel
-
Reverse Engineering Linux 32-bit Applications
-
Flexible Array Transformations and Array-bounds Checking in Linux Kernel
-
Making C Less Dangerous in the Linux Kernel
-
Security Features Status Update for Linux Kernel Toolchains
