Welcome to the toolchain track from the organizers.
There has been tons of work across both GCC and Clang to provide the Linux kernel with a variety of security features. Let's review and discuss where we are with parity between toolchains, approaches to solving open problems, and exploring new features.
Parity reached since last year:
- zero call-used registers
- structure layout randomization
Needs work:
- stack protector...
Potentially broken dependency orderings in the Linux kernel have been a recurring theme on the Linux kernel mailing list and even Linux Plumbers Conference. The Linux kernel community fears that with ever-more sophisticated compiler optimizations, it would become possible for modern compilers to undermine the Linux kernel memory consistency model when optimizing code for weakly-ordered...
The new CTF(Compact C Type Format) supported in libabigail is able
to extract a corpus representation for the debug information in
Kernel binary and its modules, i.e, entire Kernel release (kernel +
modules). Using CTF reader improvements the time to extract and build
the corpus compared with DWARF reader, for example, extracting ABI
information from the Linux ...
This activity is about programmable debuggers and their usage in the
Linux kernel. By "programmable debugger" we understand debuggers that
are able to understand the data structures handled by the target
program, and to operate on them guided by user-provided scripts or
programs.
First we will be doin a very brief presentation of two of these
debuggers: drgn and GDB+poke,...
Control-Flow Integrity (CFI) is a technique used to ensure that indirect
branches are not diverted from a pre-defined set of valid targets,
ensuring, for example, that a function pointer overwritten by an
exploited memory corruption bug is used to arbitrarily redirect the
control-flow of the program. The simpler way to achieve CFI is through
instrumenting the binary code being executed...