Explore the advancements in bounds checking for C and the Linux kernel in this 46-minute conference talk. Delve into the challenges of heap buffer overflow flaws in C code and the compiler's limitations in preventing them. Learn about the history of the "flex array member" (FAM) in C language specifications and the introduction of -fstrict-flex-arrays for unambiguous array size declarations. Discover how the Linux kernel builds upon these improvements by transforming arrays, implementing __builtin_dynamic_object_size(), enhancing defenses like FORTIFY_SOURCE, and expanding compiler knowledge for improved sanitizers. Explore the potential of a new struct member attribute to extend object size tracking to all array types, aiming to eliminate persistent buffer overflow vulnerabilities in Linux.
Progress on Bounds Checking in C and the Linux Kernel
Overview
Syllabus
Progress On Bounds Checking in C and the Linux Kernel - Kees Cook, Google & Gustavo A.R. Silva
Taught by
Linux Foundation
Tags
Related Courses
-
Meaningful Bounds Checking in the Linux Kernel - Addressing Buffer Overflows
-
Meaningful Bounds Checking in the Linux Kernel
-
Flexible Array Transformations and Array-bounds Checking in Linux Kernel
-
Mitigating Integer Overflow in C
-
Security Features Status Update for Linux Kernel Toolchains
-
Making C Less Dangerous in the Linux Kernel
