News: 0000838732


Popov: Linux kernel heap quarantine versus use-after-free exploits

([Kernel] Dec 2, 2020 15:21 UTC (Wed) (corbet))


Alexander Popov [1] describes his kernel heap-quarantine patches, designed to protect the system against use-after-free vulnerabilities. "In July 2020, I got an idea of how to break this heap spraying technique for UAF exploitation. In August I found some time to try it out. I extracted the slab freelist quarantine from KASAN functionality and called it SLAB_QUARANTINE. If this feature is enabled, freed allocations are stored in the quarantine queue, where they wait to be actually freed. So there should be no way for them to be instantly reallocated and overwritten by UAF exploits."



[1] https://a13xp0p0v.github.io/2020/11/30/slab-quarantine.html
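
A toy model of the mechanism described in the quote, added here as an illustration and not taken from Popov's patches or from the kernel: a LIFO freelist with an optional FIFO quarantine in front of it. The slab size, the quarantine capacity and every name in it are assumptions made for the example.

```c
#include <stdio.h>
#define NOBJ  8  /* objects in the toy slab (constructed value) */
#define QSIZE 4  /* quarantine capacity (assumed, not a kernel value) */

struct cache {
    int freelist[NOBJ], nfree;           /* LIFO freelist of object indexes */
    int quarantine[QSIZE], qhead, qlen;  /* FIFO of objects awaiting the real free */
    int use_quarantine;
};

static int cache_alloc(struct cache *c) { return c->nfree ? c->freelist[--c->nfree] : -1; }

static void cache_free(struct cache *c, int obj)
{
    if (c->use_quarantine) {
        int oldest = -1;
        if (c->qlen == QSIZE) {          /* full: the oldest entry is really freed */
            oldest = c->quarantine[c->qhead];
            c->qhead = (c->qhead + 1) % QSIZE;
            c->qlen--;
        }
        c->quarantine[(c->qhead + c->qlen++) % QSIZE] = obj;
        obj = oldest;
    }
    if (obj >= 0)
        c->freelist[c->nfree++] = obj;   /* only now can it be reallocated */
}

/* Free one object, then allocate and free others; returns the number of later frees before it is reused. */
static int frees_before_reuse(int use_quarantine)
{
    struct cache c = { .use_quarantine = use_quarantine };
    for (int i = NOBJ - 1; i >= 0; i--)
        c.freelist[c.nfree++] = i;       /* object 0 is handed out first */
    int victim = cache_alloc(&c);
    cache_free(&c, victim);
    for (int n = 0; n < 2 * NOBJ; n++) {
        int obj = cache_alloc(&c);
        if (obj == victim)
            return n;
        cache_free(&c, obj);
    }
    return -1;
}

int main(void)
{
    printf("plain: %d, quarantine: %d\n", frees_before_reuse(0), frees_before_reuse(1));
    return 0;
}
```

In this model the plain freelist hands the freed object straight back on the next allocation, while the quarantined one stays unavailable until enough later frees have pushed it out of the queue.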
