Presentation Title: Unix Kernel Auditing
Presentation Details:
This paper will deal with finding security flaws in unix kernels. Today kernel related security bugs are more important then ever, This is because the average administrator is paying attention to security these days. He/she will usually narrow down everything that can be ran as another user (network daemons, cron scripts, suid and sgid binairies, webapplications, …).
These are in most cases all programs that run in userspace and are usually fairly easy to narrow down. Things are not that easy when it comes to kernels. Most people see kernels as as blackboxes and will stay away from them except for some compile configurations. This is where the problem lies. besides the fact that it is very hard to minimize your kernel they are also a perfect target for attack. Unlike some network applications and suid/sgid binaries kernels have a lot (+1000) of inputs that a user initially controls. Given that no sofware is flawless, and the most unix kernels have more then 1000 inputs it’s safe to say that all unix kernels have severe security bugs that have yet to be discovered.
This paper will describe some common steps into looking for specific security flaws and will try to stipulate where to look for them.
About Ilja:
Ilja van Sprundel is a employee of Suresec Ltd. and has a passion for somewhat offensive computer security. Among other things he has previously implemented a secure credit card transaction solution. Ilja also attended the RWTH-Aachen summerschool of applied I.T security where he learned a great deal about offensive and defensive security mechanisms. He is also the winner of the 21c3 stacksmashing contest and a member of the Netric security research group.