
239 points r4um | 5 comments
1. N_Lens No.45116266
Would a more memory safe language like Rust in the Linux kernel have more safety against these types of exploits?
2. steveklabnik No.45116350
I just glanced at the patch, but “more safety” is at least directionally correct; given that the kernel could use unsafe code, it’s in theory still possible, but I would expect this code wouldn’t be written in unsafe directly.
3. vlovich123 No.45116464
Hard to say. It is a write after free, which Rust technically prevents, but it depends on the abstractions chosen; it’s entirely likely there will be similar attacks that focus on exploiting flaws in the unsafe that will exist to trigger similar flaws. It should just be harder to exploit and easier to enforce that most of the kernel code is using “safe” abstractions.
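As an added illustration of the point in comment 3 (example code, not from the thread or the kernel patch): a tiny slot pool that hands out handles two ways. The copyable `RawHandle` mirrors the C pattern, where a stale index survives the free and the write lands in whatever the slot was reallocated to; the owned `Handle` is consumed by `free`, so the same write is a compile error. All names and the pool layout are constructed for this example.

```rust
/// Fixed-size pool of u64 values, standing in for a kernel object cache.
/// Constructed for this example; not the kernel's allocator.
pub struct Pool {
    slots: Vec<Option<u64>>, // None = slot is free
    free_list: Vec<usize>,   // indices of free slots, LIFO like a real freelist
}

/// Owned handle: neither Copy nor Clone, so `free` consuming it ends its life.
pub struct Handle(usize);

/// C-style handle: a plain index that can be copied, so a stale copy
/// outlives the free and can still be written through.
#[derive(Clone, Copy)]
pub struct RawHandle(pub usize);

impl Pool {
    pub fn new(n: usize) -> Self {
        // Reverse order so the first pop() returns slot 0.
        Pool { slots: vec![None; n], free_list: (0..n).rev().collect() }
    }

    fn take_slot(&mut self, v: u64) -> Option<usize> {
        let i = self.free_list.pop()?;
        self.slots[i] = Some(v);
        Some(i)
    }

    // --- ownership-based API: the "safe abstraction" ---------------------
    pub fn alloc(&mut self, v: u64) -> Option<Handle> {
        self.take_slot(v).map(Handle)
    }
    pub fn write(&mut self, h: &Handle, v: u64) {
        self.slots[h.0] = Some(v);
    }
    pub fn read(&self, h: &Handle) -> u64 {
        self.slots[h.0].expect("handle always refers to a live slot")
    }
    /// Takes the handle by value: after this call the caller no longer has it.
    pub fn free(&mut self, h: Handle) {
        self.slots[h.0] = None;
        self.free_list.push(h.0);
    }

    // --- index-based API mirroring the C pattern -------------------------
    pub fn alloc_raw(&mut self, v: u64) -> Option<RawHandle> {
        self.take_slot(v).map(RawHandle)
    }
    pub fn write_raw(&mut self, h: RawHandle, v: u64) {
        self.slots[h.0] = Some(v); // no check that h is still live
    }
    pub fn read_raw(&self, h: RawHandle) -> Option<u64> {
        self.slots[h.0]
    }
    pub fn free_raw(&mut self, h: RawHandle) {
        self.slots[h.0] = None;
        self.free_list.push(h.0);
    }
}

/// Reproduces the write-after-free *logic* with copyable handles, without
/// any undefined behaviour: `a` is freed, the LIFO freelist hands its slot
/// to `b`, and a write through the stale `a` silently corrupts `b`.
/// Returns what `b` reads afterwards.
pub fn stale_write_corrupts_neighbour() -> u64 {
    let mut pool = Pool::new(2);
    let a = pool.alloc_raw(0x11).unwrap();
    pool.free_raw(a); // a is now dangling but still copyable
    let b = pool.alloc_raw(0x22).unwrap(); // reuses a's slot
    pool.write_raw(a, 0xdead); // write-after-free lands in b's slot
    pool.read_raw(b).unwrap() // 0xdead, not 0x22
}

/// The same sequence with owned handles. The write through the freed handle
/// cannot be expressed: `free` moved `a`, and rustc rejects the commented
/// line with error E0382 ("borrow of moved value: `a`").
pub fn owned_handle_sequence() -> u64 {
    let mut pool = Pool::new(2);
    let a = pool.alloc(0x11).unwrap();
    pool.free(a);
    let b = pool.alloc(0x22).unwrap();
    // pool.write(&a, 0xdead); // error[E0382]: borrow of moved value: `a`
    pool.read(&b) // 0x22
}

fn main() {
    println!("raw handles:   b reads {:#x}", stale_write_corrupts_neighbour());
    println!("owned handles: b reads {:#x}", owned_handle_sequence());
}
```

The protection comes entirely from the abstraction's signature: `free(self: Handle)` moves the handle, and `Handle` has no `Copy` or `Clone`. An abstraction that instead exposed the raw index, or an `unsafe` block that rebuilt a `Handle` from a stored integer, would reintroduce exactly the stale-slot behaviour the raw API shows, which is the "flaws in the unsafe" caveat from the comment above.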
4. pas No.45120071
... a better type system, hygienic macros, and of course more static analysis (like Rust's borrow checker), and everything helps that makes writing safer abstractions easier, makes them easier to test and verify
5. fsflover No.45127563
How about security through compartmentalization instead of one through correctness that never really works? Consider using Qubes OS to protect yourself.