Areas of Work Needed

We have a lot of work to do! While there are already many upstream security features, we are still missing many more.

For the list of specific items and desired features, see the KSPP Issue Tracker.

General concepts and concerns are here:

Bug Classes

Many bugs in the kernel belong to specific classes. Here we try to focus on classes of bugs that have security implications, explain them, link to examples, and link to defenses that are or could be used to entirely eliminate the bug class.

• Stack overflow
• Integer overflow
• Heap overflow
• Format string injection
• Kernel pointer leak
• Uninitialized variables
• Use-after-free

Exploitation Methods

When flaws in the kernel provide unintended read and write primitives to an attacker, there are many techniques used to gain execution control over the kernel. Here we try to explain them, link to examples, and link to defenses that are or could be used to eliminate an exploitation method.

• Kernel location
• Text overwrite
• Function pointer overwrite
• Userspace execution
• Userspace data usage
• Reused code chunks