From: "Theodore Ts'o" <tytso@mit.edu>
To: kernel-hardening@lists.openwall.com
Cc: linux-kernel@vger.kernel.org
Subject: Re: [kernel-hardening] 2015 kernel CVEs
Date: Tue, 19 Jan 2016 12:57:18 -0500 [thread overview]
Message-ID: <20160119175718.GA6872@thunk.org> (raw)
In-Reply-To: <20160119124917.6058019b@pc1> <20160119112812.GA10818@mwanda>
On Tue, Jan 19, 2016 at 02:28:12PM +0300, Dan Carpenter wrote:
> There was only a coupls CVEs that looks like they came from a filesystem
> fuzzer where you create a corrupt filesystems and then try use them.
> There was only one that might have come from a USB fuzzer. We probably
> should be testing those things better.
On Tue, Jan 19, 2016 at 12:49:17PM +0100, Hanno Böck wrote:
> I tried that, but it didn't lead to any results in the kernel [1].
> What I did:
> * Use filesystem checking tools (fsck) and fuzz them with afl
> * Use the queue created by afl and try to mount these with a
> kasan-enabled kernel
>
> My conclusion was that the filesystem code in the kernel is relatively
> robust (at least robust enough for this trivial fuzzing).
> But it led to a number of bugs discovered in filesystem fsck tools.
An engineer at Red Hat did a pretty exhaustive set of file system
fuzzing some 5 years or so ago (plus or minus; I'm a little fuzzy on
the dates). At the time he found a number of problems in ext4 and
other file systems, and those got fixed fairly promptly. (It was
great; he gave us sample file systems to reproduce the bug, so it was
pretty straightforward to find and fix the problems found during that
effort.)
The ext4 related 2015 CVE's were all due to code that went in more
recently, and partially in response to that, Darrick Wong contributed
ext4-specific fuzzers to xfstess and to e2fsprogs. I think he found
at least one or two ext4 bug that way, although I don't remember if
they got CVE's assigned to them.
Darrick's work, plus the relatively disciplined regression test suite
development policy in e2fsprogs is probably why Hanno didn't find any
such issues in e2fsprogs, although he did seem to find bugs in many of
the others file systems.
If I recall correctly Darrick had talked about trying to make a
filesystem-generic fuzzer for xfstests, but I'm not sure what happened
to that idea. It looks like he also did provide a set of fuzzing
tests in xfstests, though.
So while I wouldn't want to discourage people from spending more time
in doing file system fuzz tests (I really *love* it when people find
and report bugs to me :-), I suspect the reason why we aren't finding
as many file system related CVE's is that it's well trodden ground,
since it's a pretty easy / obvious place to start probing for
weaknesses. (And it's much easier than finding data races, for
example.)
If people do what to invest more in hardening file systems, I would
recommend automating the file system fuzz testers and then trying to
get the upstream file system developers to run them.
Cheers,
- Ted
next prev parent reply other threads:[~2016-01-19 17:57 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-19 11:28 2015 kernel CVEs Dan Carpenter
2016-01-19 11:28 ` [kernel-hardening] " Dan Carpenter
2016-01-19 11:49 ` Hanno Böck
2016-01-19 15:49 ` Quentin Casasnovas
2016-01-20 11:19 ` Hanno Böck
2016-01-20 14:15 ` Wade Mealing
2016-01-20 17:48 ` Hanno Böck
2016-01-19 13:13 ` Wade Mealing
2016-01-19 14:56 ` One Thousand Gnomes
2016-01-19 14:56 ` [kernel-hardening] " One Thousand Gnomes
2016-01-19 16:32 ` [kernel-hardening] " Ben Hutchings
2016-01-19 17:54 ` Greg KH
2016-01-20 17:05 ` Ben Hutchings
2016-01-20 18:04 ` Greg KH
2016-01-21 15:18 ` Jiri Kosina
2016-01-21 18:46 ` Ben Hutchings
2016-01-19 16:57 ` Peter Hurley
2016-01-19 16:57 ` [kernel-hardening] " Peter Hurley
2016-01-19 17:00 ` Josh Boyer
2016-01-19 17:00 ` [kernel-hardening] " Josh Boyer
2016-01-19 17:51 ` Greg KH
2016-01-19 17:51 ` [kernel-hardening] " Greg KH
2016-01-20 7:12 ` Marcus Meissner
2016-01-19 17:57 ` Theodore Ts'o [this message]
2016-01-19 18:00 ` Al Viro
2016-01-19 18:00 ` [kernel-hardening] " Al Viro
2016-01-19 22:41 ` Eric W. Biederman
2016-01-19 22:47 ` [kernel-hardening] " Eric W. Biederman
2016-01-20 20:11 ` Jann Horn
2016-01-20 21:26 ` One Thousand Gnomes
2016-01-19 23:35 ` Kees Cook
2016-01-19 23:35 ` Kees Cook
2016-01-20 9:57 ` Miroslav Benes
2016-01-20 9:57 ` [kernel-hardening] " Miroslav Benes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160119175718.GA6872@thunk.org \
--to=tytso@mit.edu \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.