|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2020-02-12 17:13:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
Horn: Mitigations are attack surface, too
On the Google Project Zero blog, Jann Horn looks
at a number of vulnerabilities in a Samsung Android kernel, some of
which are caused by the addition of out-of-tree "security" features.
"The Samsung kernel on the A50 contains an extra security subsystem
(named 'PROCA', short for 'Process Authenticator', with code in
security/proca/) to track process identities. By combining several logic
issues in this subsystem (which, on their own, can already cause a mismatch
between the tracking state and the actual process state) with a brittle
code pattern, it is possible to cause memory unsafety by winning a race
condition."
On the Google Project Zero blog, Jann Horn looks
at a number of vulnerabilities in a Samsung Android kernel, some of
which are caused by the addition of out-of-tree "security" features.
"The Samsung kernel on the A50 contains an extra security subsystem
(named 'PROCA', short for 'Process Authenticator', with code in
security/proca/) to track process identities. By combining several logic
issues in this subsystem (which, on their own, can already cause a mismatch
between the tracking state and the actual process state) with a brittle
code pattern, it is possible to cause memory unsafety by winning a race
condition."
