Kernel security features

[p4zuu]

I think we can start tracking down the security features we could add to the COCONUT kernel to improve its security:

• KASLR
• Read-only GDT and IDT
• SMEP and SMAP (Enabled in Enabling SMEP and SMAP #473)
• Heap hardening
• Shadow stacks (@Freax13 on it)
• LLVM's KCFI
• KPTI and PCID
• KASAN
• RELRO support for the ELF loader

This list aims to be as complete as possible, so please comment or reach me if you want to add or modify elements from the list, or would like to assign yourself to a task :)

[Freax13]

Shadow stacks :)

[00xc]

We could look into LLVM's KCFI.

Also we could perhaps consider a KPTI-like mechanism depending on our threat model regarding userspace.

[Freax13]

Rust has (unstable) support for KASAN.

[p4zuu]

Rust has (unstable) support for KASAN.

KASAN would be very useful in testing env indeed, I'll track it here too. @00xc already had a look into KASAN but struggled a bit with the linker as far as I remember. In any cases, we would still have to write the KASAN handlers ourselves, right?

[Freax13]

I have a working implementation of KASAN in mushroom.

In any cases, we would still have to write the KASAN handlers ourselves, right?

Yes, there's an interface that has to implemented by the kernel.

[p4zuu]

I have a working implementation of KASAN in mushroom.

Nice!

[00xc]

Other than the linking issues I had some boot hangs. I managed to get a working build by disabling stack instrumentation. I did not start the actual implementation though.

I'm not sure if I can recover the changes required but it was mostly defining the required symbols and adding some flags to the build command.

[Freax13]

We could extend our elf loader to support RELRO.

[Freax13]

I'd like to take a stab at shadow stacks.