Design World

  • Home
  • Technologies
    • 3D CAD
    • Electronics • electrical
    • Fastening & Joining
    • Factory automation
    • Linear Motion
    • Motion Control
    • Test & Measurement
    • Sensors
    • Fluid power
  • Learn
    • Ebooks / Tech Tips
    • Engineering Week
    • Future of Design Engineering
    • MC² Motion Control Classrooms
    • Podcasts
    • Videos
    • Webinars
  • LEAP AWARDS
  • Leadership
    • 2022 Voting
    • 2021 Winners
  • Design Guide Library
  • Resources
    • Subscribe!
    • 3D Cad Models
      • PARTsolutions
      • TraceParts
    • Digital Issues
      • Design World
      • EE World
    • Women in Engineering
  • Supplier Listings

Once Overlooked, Uninitialized-Use ‘Bugs’ May Provide Portal for Hacker Attacks On Linux

By Georgia Institute of Technology | March 2, 2017

Share

Popular with programmers the world over for its stability, flexibilityand security, Linux now appears to be vulnerable to hackers.

According to new Georgia Institute of Technology research, uninitialized variables ­- largely overlooked bugs mostly regarded as insignificant memory errors — are actually a critical attack vector that can be reliably exploited by hackers to launch privilege escalation attacks in the Linux kernel.

When successful, these intrusions give attackers increasing levels of access to a network’s resources.

“While other kernel bugs and vulnerabilities have been examined and remedied, uninitialized-use bugs are not well studied, and to date, no practical defense mechanisms have been developed to protect against these attacks,” said Georgia Tech Ph.D. student Kangjie Lu, lead researcher on the project.

In fact, despite potentially dangerous consequences, uninitialized-use bugs are seldom even classified as security vulnerabilities.

To prove that these bugs do present a security risk, researchers developed a novel approach, known as targeted stack spraying, to attack the operating system (OS) kernel.

Along with a technique that occupies large portions of the memory to control the stack, the automated attack probes the stack to find weaknesses that user-mode programs can exploit to direct kernel code paths and leave attacker-controlled data on the kernel stack. Ultimately, the goal of this attack is to reliably control the value of a specific uninitialized variable in the kernel space of a running program.

The research findings confirm that hackers using this method can automatically prepare a malicious pointer in the uninitialized variable. When the malicious pointer is used, a privilege escalation attack targeting the Linux kernel may occur.

“Our research shows that utilizing the targeted stack-spraying approach allows attackers to reliably control more than 91 percent of the Linux kernel stack, which, in combination with uninitialized-use vulnerabilities, suffices for a privilege escalation attack,” said Lu.

Not content to merely identify the vulnerability, Lu and his fellow researchers also developed a potential solution to the problem.

“Our mitigation approach leverages the fact that uninitialized-use attacks usually control an uninitialized pointer to achieve arbitrary read/write/execution,” explained Lu. “By zero-initializing pointer-type fields that the compiler cannot prove are properly initialized before they are used, we can prevent an adversary from controlling these pointers.”

To limit any unnecessary performance overhead related to zero-initializing pointer-type fields, the team developed an intra-procedural program analysis that checks whether a pointer field is properly initialized when it is used. Only uninitialized pointer fields require zero initialization.

A paper titled Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying is being presented this week at the Network and Distributed System Security Symposium being held in San Diego, Calif.


Filed Under: Industry regulations

 

Related Articles Read More >

ids-industrial-camera-manufacturer.sustainability-3
IDS focuses on sustainability in shipping
Part 5: Motion control + MQTT, OPC-UA, and other protocols for cloud services
Facebook CEO Zuckerberg Calls for More Outside Regulation
Musk’s Boring Company Calls it Quits on LA Tunnel, Instead Focuses on Hyperloop

DESIGN GUIDE LIBRARY

“motion

Enews Sign Up

Motion Control Classroom

Design World Digital Edition

cover

Browse the most current issue of Design World and back issues in an easy to use high quality format. Clip, share and download with the leading design engineering magazine today.

EDABoard the Forum for Electronics

Top global problem solving EE forum covering Microcontrollers, DSP, Networking, Analog and Digital Design, RF, Power Electronics, PCB Routing and much more

EDABoard: Forum for electronics

Sponsored Content

  • Industrial disc pack couplings
  • Pushing performance: Adding functionality to terminal blocks
  • Get to Know Würth Industrial Division
  • Renishaw next-generation FORTiS™ enclosed linear encoders offer enhanced metrology and reliability for machine tools
  • WAGO’s smartDESIGNER Online Provides Seamless Progression for Projects
  • Epoxy Certified for UL 1203 Standard

Design World Podcasts

July 26, 2022
Tech Tuesdays: Sorbothane marks 40 years of shock and vibration innovation
See More >
Engineering Exchange

The Engineering Exchange is a global educational networking community for engineers.

Connect, share, and learn today »

Design World
  • Advertising
  • About us
  • Contact
  • Manage your Design World Subscription
  • Subscribe
  • Design World Digital Network
  • Engineering White Papers
  • LEAP AWARDS

Copyright © 2022 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy | Advertising | About Us

Search Design World

  • Home
  • Technologies
    • 3D CAD
    • Electronics • electrical
    • Fastening & Joining
    • Factory automation
    • Linear Motion
    • Motion Control
    • Test & Measurement
    • Sensors
    • Fluid power
  • Learn
    • Ebooks / Tech Tips
    • Engineering Week
    • Future of Design Engineering
    • MC² Motion Control Classrooms
    • Podcasts
    • Videos
    • Webinars
  • LEAP AWARDS
  • Leadership
    • 2022 Voting
    • 2021 Winners
  • Design Guide Library
  • Resources
    • Subscribe!
    • 3D Cad Models
      • PARTsolutions
      • TraceParts
    • Digital Issues
      • Design World
      • EE World
    • Women in Engineering
  • Supplier Listings