On 4/26/2023 12:18 PM, Ville Juven wrote:
> How to protect the integrity of the stack allocated structure is still a
> bit open but one option is to use kheap as well. Semantics to be figured
> out, the solution should be feasible.
>
> My idea was to put the handle to this data into the user semaphore, however
> a pointer must not be used, a handle / integer id is needed, which then
> holds the pointer (much like files etc). As the user can spoof / destroy
> the pointer it is unsafe to do that. Spoofing the id can cause the user
> process to crash, but the kernel integrity remains.

I think the missing piece is:
https://github.com/apache/nuttx/issues/1329 also
https://github.com/apache/nuttx/issues/1359
All system calls really need to verify all data passed from
applications. (The current problem statement in 1329 is insufficient)
You can't really prove that an address is correct, but we can at least
assure that all user addresses lie in user space and all kernel addresses
lie in kernel space.
I suppose if we could protect a secret we could hash kernel addresses.
There are many open issues in this regard. I don't think you should
have to worry about this too much now. Perhaps you could just open an
issue and link it to 1329. Someday we will get more serious about
security bugs.
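As an added illustration of the two points raised in this thread (checking that a syscall's user buffer lies entirely in user space, and handing applications an integer id instead of a kernel pointer), here is example code that is not NuttX's own; the user-space window and the handle table are constructed placeholders:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed user-space window; a real kernel takes these from the MMU/MPU
 * configuration or linker symbols. */
#define USER_BASE  0x20000000u
#define USER_SIZE  0x00100000u

/* Return true only if [ptr, ptr + len) lies entirely inside user space.
 * Rejects empty ranges, ranges starting below user space, ranges that run
 * past its end, and lengths that would wrap the end address around. */
bool user_range_ok(const void *ptr, size_t len)
{
  uintptr_t start = (uintptr_t)ptr;

  if (len == 0 || start < USER_BASE)
    return false;
  if (start > UINTPTR_MAX - len)
    return false;                      /* start + len would overflow */
  return start + len <= (uintptr_t)USER_BASE + USER_SIZE;
}

/* Handle table: the application holds a small integer, the kernel keeps
 * the pointer, so user memory never contains a kernel address. */
#define MAX_HANDLES 8

struct kobj { int magic; };
static struct kobj *g_handles[MAX_HANDLES];
struct kobj g_obj = { 42 };            /* constructed kernel object */

/* Register obj and return its id, or -1 if the table is full. */
int handle_alloc(struct kobj *obj)
{
  for (int i = 0; i < MAX_HANDLES; i++)
    if (g_handles[i] == NULL) { g_handles[i] = obj; return i; }
  return -1;
}

/* Resolve an id supplied by the application. A spoofed or stale id yields
 * NULL, so the syscall fails for that process while the kernel stays intact. */
struct kobj *handle_lookup(int id)
{
  if (id < 0 || id >= MAX_HANDLES)
    return NULL;
  return g_handles[id];
}
```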