
Popov: Linux kernel heap quarantine versus use-after-free exploits

([Kernel] Dec 2, 2020 15:21 UTC (Wed) (corbet))


Alexander Popov [1] describes his kernel heap-quarantine patches designed to protect the system against use-after-free vulnerabilities. "In July 2020, I got an idea of how to break this heap spraying technique for UAF exploitation. In August I found some time to try it out. I extracted the slab freelist quarantine from KASAN functionality and called it SLAB_QUARANTINE. If this feature is enabled, freed allocations are stored in the quarantine queue, where they wait to be actually freed. So there should be no way for them to be instantly reallocated and overwritten by UAF exploits."
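As an added illustration (not Popov's patches and not the kernel's SLAB_QUARANTINE code), the toy slab below models the effect he describes: a freed slot goes into a FIFO quarantine instead of straight back onto the freelist, so a free followed by an allocation does not hand the same memory back until the quarantine has cycled. Slot and queue sizes are hypothetical.

```c
/* Toy slab with a KASAN-style freelist quarantine (constructed example).
 * Freed slots wait in a FIFO before they become allocatable again, so a
 * free-then-allocate pattern does not immediately get the same slot back.
 * SLOTS and QUARANTINE_LEN are hypothetical sizes, not kernel values. */
#include <stdbool.h>
#include <stddef.h>

#define SLOTS 8           /* objects in the toy slab */
#define QUARANTINE_LEN 4  /* freed objects held back before real free */

static int freelist[SLOTS];
static int free_top;                 /* number of entries on freelist */
static int quarantine[QUARANTINE_LEN];
static int q_head, q_count;          /* FIFO ring of quarantined slots */
static bool quarantine_enabled = true;

/* Reset state: every slot starts on the freelist, slot 0 on top. */
void slab_init(bool use_quarantine) {
    quarantine_enabled = use_quarantine;
    free_top = 0;
    for (int i = SLOTS - 1; i >= 0; i--) freelist[free_top++] = i;
    q_head = q_count = 0;
}

/* Return a slot index, or -1 if the slab is exhausted. */
int slab_alloc(void) {
    return free_top > 0 ? freelist[--free_top] : -1;
}

/* Move the oldest quarantined slot onto the real freelist. */
static void quarantine_reclaim_one(void) {
    freelist[free_top++] = quarantine[q_head];
    q_head = (q_head + 1) % QUARANTINE_LEN;
    q_count--;
}

/* Free a slot: straight to the freelist (classic behaviour), or into the
 * quarantine, evicting the oldest entry only when the FIFO is full. */
void slab_free(int slot) {
    if (!quarantine_enabled) { freelist[free_top++] = slot; return; }
    if (q_count == QUARANTINE_LEN) quarantine_reclaim_one();
    quarantine[(q_head + q_count) % QUARANTINE_LEN] = slot;
    q_count++;
}

/* Does free(x) immediately followed by alloc() hand slot x back? */
bool free_then_alloc_reuses_slot(bool use_quarantine) {
    slab_init(use_quarantine);
    int victim = slab_alloc();
    slab_free(victim);
    return slab_alloc() == victim;
}
```

With the quarantine off the freed slot is the very next allocation; with it on, the slot only reappears after QUARANTINE_LEN further frees have pushed it out of the FIFO.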



[1] https://a13xp0p0v.github.io/2020/11/30/slab-quarantine.html

It is a very humbling experience to make a multimillion-dollar mistake, but it
is also very memorable. I vividly recall the night we decided how to organize
the actual writing of external specifications for OS/360. The manager of
architecture, the manager of control program implementation, and I were
threshing out the plan, schedule, and division of responsibilities.

The architecture manager had 10 good men. He asserted that they could write
the specifications and do it right. It would take ten months, three more
than the schedule allowed.

The control program manager had 150 men. He asserted that they could prepare
the specifications, with the architecture team coordinating; it would be
well-done and practical, and he could do it on schedule. Furthermore, if
the architecture team did it, his 150 men would sit twiddling their thumbs
for ten months.

To this the architecture manager responded that if I gave the control program
team the responsibility, the result would not in fact be on time, but would
also be three months late, and of much lower quality. I did, and it was. He
was right on both counts. Moreover, the lack of conceptual integrity made
the system far more costly to build and change, and I would estimate that it
added a year to debugging time.
-- Frederick Brooks Jr., "The Mythical Man Month"