Version 11 (modified 6 years ago)
Already done
- W^X for the kernel
- SMEP/SMAP
- ASLR & KASLR
- NX bit
Low-Hanging Fruit
- Audit filesystem privilege checks
- Audit permissions of all folders in the default install
- Audit all syscalls & ioctls (_control) for privilege checks.
  - _area functions probably need a lot of thinking here
- Run the userland as a non-privileged user
- Fuzz all in-tree parsers
  - driver settings format
  - message
  - rdef
- getentropy & arc4random (https://review.haiku-os.org/#/c/haiku/+/32/)
- secure memory allocation (non-swappable and erased on free, e.g. mmap + mlock, https://github.com/gpg/libgcrypt/blob/master/src/secmem.c)
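As an added example of the mmap + mlock approach the last item describes (illustrative POSIX code, not Haiku's or libgcrypt's), a minimal secure allocator: the pages are locked so they cannot be swapped out, excluded from core dumps where MADV_DONTDUMP exists, and wiped through a volatile pointer before being unmapped. The `secmem_` names and header layout are assumptions made for this example.

```c
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS and madvise on glibc */
#include <stddef.h>
#include <sys/mman.h>
#include <unistd.h>
/* Header kept at the start of the mapping so free() knows its size. */
struct secmem_hdr {
    size_t map_len;   /* header + payload, rounded up to whole pages */
};
/* Zero n bytes through a volatile pointer so the compiler cannot elide the
 * stores as dead writes just because the memory is about to be released. */
void secmem_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}
/* Allocate size bytes in an anonymous private mapping, locked so the kernel
 * never swaps them out, and kept out of core dumps where MADV_DONTDUMP
 * exists. Lock failure is fatal: an unlocked buffer would silently defeat
 * the purpose. Returns NULL on failure. */
void *secmem_alloc(size_t size)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t map_len = ((sizeof(struct secmem_hdr) + size + page - 1) / page) * page;
    void *base = mmap(NULL, map_len, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    if (mlock(base, map_len) != 0) {
        munmap(base, map_len);
        return NULL;
    }
#ifdef MADV_DONTDUMP
    madvise(base, map_len, MADV_DONTDUMP);   /* best effort */
#endif
    struct secmem_hdr *hdr = base;
    hdr->map_len = map_len;
    return hdr + 1;   /* payload starts right after the header */
}

/* Erase, unlock and unmap. Returns 0 on success, -1 on failure. */
int secmem_free(void *p)
{
    if (p == NULL) return 0;
    struct secmem_hdr *hdr = (struct secmem_hdr *)p - 1;
    size_t map_len = hdr->map_len;
    secmem_wipe(hdr, map_len);   /* wipe before the pages are reused */
    munlock(hdr, map_len);
    return munmap(hdr, map_len);
}
```

Allocation fails rather than degrading when RLIMIT_MEMLOCK is exhausted, so callers see a NULL instead of a silently swappable buffer.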
Moderate
- Don't allow opening files by inode (requires ABI break)
  - maybe recursively checking permissions by recreating the path would do? (we don't support hardlinks on BFS anyway)
- devfs filemodes
- Spectre mitigations via GCC flags
Advanced
- NetBSD/FreeBSD's KLEAK: Detecting Kernel Memory Disclosures
- OpenBSD on mitigating ROP gadgets
- AT_BENEATH and other breakout mitigations for VFS
- Meltdown?
Far Out
- Capability-based permissions (Android-style, disableable & re-enableable), probably added to executable resources (+ package flags for letting the user agree on install?)