Changes between Version 2 and Version 3 of FutureHaiku/Security
Timestamp: Dec 11, 2018, 3:34:10 AM (6 years ago)
FutureHaiku/Security
v2 v3 1 1 == Low-Hanging Fruit == 2 2 3 * Audit filesystem privilege checks 4 * Audit permissions of all folders in the default install 3 5 * Audit all syscalls & ioctls (_control) for privilege checks. 4 6 * _area functions probably need a lot of thinking here 5 7 * Run the userland as a non-privileged user 6 * Don't allow opening files by inode (requires ABI break)7 8 * Fuzz all in-tree parsers 8 9 * driver settings format 9 10 * message 10 11 * rdef 11 12 12 13 13 == Moderate == 14 14 15 * {{{W^X}}} 15 * {{{W^X}}} (now [https://git.haiku-os.org/haiku/commit/?id=cb0977326dd79327ff3e342816e0dd118019b058 done] for kernelspace) 16 * Don't allow opening files by inode (requires ABI break) 17 * devfs filemodes 16 18 17 19 == Advanced == 18 20 21 * [https://netbsd.org/gallery/presentations/maxv/kleak.pdf NetBSD/FreeBSD's KLEAK: Detecting Kernel Memory Disclosures] 19 22 * [https://www.openbsd.org/papers/eurobsdcon2018-rop.pdf OpenBSD on mitigating ROP gadgets] 20 23 * [https://twitter.com/tehjh/status/1046042401830309888?s=09 AT_BENEATH and other breakout mitigations for VFS]
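Review bot: The added "devfs filemodes" bullet under Moderate names no action, unlike its neighbours ("Audit permissions of all folders in the default install", "Fuzz all in-tree parsers"); word it as a task, saying whether it is an audit of the current modes or a change to them, so it is clear when the item can be closed. The modified W^X bullet now reads "done for kernelspace" but remains one open entry with the rest left implicit; splitting it into a kernelspace item marked done and a separate item for whatever is still outstanding would keep the remaining work visible in the list.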