wiki:FutureHaiku/Security

Version 7 (modified by pulkomandy, 6 years ago)

Low-Hanging Fruit

  • Audit filesystem privilege checks
  • Audit permissions of all folders in the default install
  • Audit all syscalls & ioctls (_control) for privilege checks.
    • _area functions probably need a lot of thinking here
  • Run the userland as a non-privileged user
  • Fuzz all in-tree parsers
    • driver settings format
    • message
    • rdef
  • getentropy and arc4random (https://review.haiku-os.org/#/c/haiku/+/32/)
  • secure memory allocation (non-swappable and erased on free, e.g. mmap + mlock)

Moderate

  • W^X (now done for kernelspace)
  • Don't allow opening files by inode (requires ABI break)
  • devfs filemodes
  • Spectre mitigations via GCC flags

Advanced

Already done

  • SMEP/SMAP
  • ASLR
  • execute disable