A technical look at @GrapheneOS Hardened Malloc, a memory allocator designed to mitigate heap corruption vulnerabilities (UAF, overflows) and break common exploit primitives.
Deep dive for security researchers & exploit developers by @iksocin
https://t.co/99v99YQTdO
The way they've implemented this is NOT privacy preserving. It locks people into highly privileged Google service integration and forbids using a non-Google-certified OS. Giving substantial data access and control to services is not privacy preserving.
https://t.co/biGkkFQdld
This post is needed to debunk misinformation from a charlatan (@hackerfantastic) masquerading as being a legitimate security researcher. They used to be quite successful at duping people into believing they were legitimate by taking credit for other people's work and fabricating vulnerabilities, which hasn't held up for them in the long term. They have historical follows from actual researchers from before their credibility disintegrated which is part of why people still fall for it. They are not a legitimate researcher and many of their past claims of exploits including phony systemd exploits have been debunked. Lennart Poettering is one of several people to debunk their made up vulnerabilities and had their replies hidden along with being blocked, which is the same approach they just took with us (see the hidden posts at https://t.co/nR5KzjomIl for an example). The many unsubstantiated claims they make should not be believed. We can't reply at all within those threads anymore due to the new way blocking works so we're replying here instead.
Their main attempt at attacking us is making the ridiculous and downright desperate false claim that somehow the only purpose of GrapheneOS is using OpenBSD heap allocators, which it hasn't even used since before we made hardened_malloc in 2018:
https://t.co/r63mmTdl3S
https://t.co/7DesGSh4ta
https://t.co/AuwMNOhOK3
Our hardened_malloc project is an important sub-project protecting very well against the majority of remote code execution exploits in the userspace part of the OS. However, it's a tiny portion of our overall work and only one of many major privacy and security features we provide. Even if we did still use OpenBSD malloc for 32-bit apps on older devices still supporting them, that wouldn't be a significant part of the project at all.
They're promoting that people use a highly insecure device without the most basic hardware, firmware and software security features where data can be trivially extracted from the device without even using exploits and where far more vulnerabilities are exposed with negligible protection against them being exploited:
https://t.co/Qk3EV3qsHk
GrapheneOS is a Linux distribution based on the Android Open Source Project (AOSP). Compared to a traditional desktop Linux distribution, AOSP is already very hardened and provides dramatically better privacy and security. It's a night and day difference. Traditional desktop Linux distributions struggle to deploy exploit protections from the early 2000s and lack proper app sandboxing. They lack systemic privacy and security work throughout the OS as a whole. They're really a bunch of largely anti-security projects glued together into a frankenstein OS with the development direction set by these individual projects, not the distributions. They ship what's provided to them, and the result is not a particularly secure OS. iOS and AOSP are far more secure than these operating systems. A bunch of companies having badly maintained forks of AOSP does not reflect on AOSP itself, but even those are far more secure than traditional desktop operating systems if they're doing the bare minimum of providing security patch backports.
Android Open Source Project without our improvements is far more secure than desktop Linux distributions. It already has a far more hardened kernel with a huge amount of attack surface reduction via the kernel configuration, very advanced use SELinux and to a lesser extent seccomp-bpf. The differences in userspace are far more dramatic. It has a well designed mandatory app sandbox and sandboxing heavily used throughout the OS. It has strict full system SELinux MAC/MLS policies which the OS is developed around rather than being added on afterwards. The majority of new code is being written in memory safe languages (Rust, Java, Kotlin). It was always focused on memory safety, sandboxing, etc. from the start. Privacy and security are a major focus throughout it and many design compromises are made for them rather than being an afterthought. Backwards incompatible privacy and security changes are made to the app sandbox on a yearly basis.
Our features compared to the latest release of the standard Android Open Source Project are documented at https://t.co/5BbNpMO7No. This page only covers our improvements and does not cover the standard AOSP privacy and security features. The subset of our features which have been landed upstream by us such as FORTIFY_SOURCE for the Linux kernel string library have been removed from our features page.
Our hardened_malloc project provides great protection against heap corruption vulnerabilities in userspace but that's just one small part of the overall GrapheneOS project. Prior to making our hardened_malloc project in 2018, we used our own fork of OpenBSD malloc ported to Linux and extended with significant additional security features. This had to be replaced as a whole to provide substantially better security against heap vulnerabilities.
This charlatan (@hackerfantastic) is spreading misinformation about GrapheneOS because they had a business deal with Copperhead after the failed takeover attempt on GrapheneOS. They were trying to sell devices with their insecure, closed source fork of legacy GrapheneOS versions. They hold a grudge against us based on their business venture failing and are trying their best to spread misinformation about it. Unfortunately for them, they don't have the faintest clue about what we work on and what we provide in current generation GrapheneOS. They responded to us responding with polite, accurate information by hiding our posts, blocking us and doubling down on blatant misinformation which we already pointed out.
If you want to go down a deep rabbit hole, look into how the company they co-founded, Hacker House, got money through government corruption. If they keep going down the road of supporting harassment content targeting our team, we can make a post about this.
Mensonge. Bêtise. Préjugés. Victimisation à outrance. Agit-prop sur les réseaux sociaux pour manipuler l'opinion et faire passer l'établissement pour raciste. Intimidations sur des représentants de la République.
Emballement infernal menant sur l'assassinat de #SamuelPaty.
The Rust Foundation is excited to support a new contest from @awscloud that seeks to crowd-source the verification of the Rust standard libraries ⚙️
Learn more: https://t.co/qtbreFKoCK
"If you're a well-funded nation state, I think you'd be crazy to not have a team of three or five engineers out there just writing open source libraries that are useful, right? Play the long game..."
☝🏽@lorenc_dan on the malicious insider haunting the software supply-chain
The security community is going through the five stages of grief right now with the xz thing and I think a lot of people are coping with “there are technical measures that could have prevented this”. To move on, it is important to understand that this is not true in the slightest
We will all click on a well crafted malicious link, whatever our background in cybersecurity.
Please don't make your cybersecurity rely on user awareness.
User awareness helps to reduce the number of events to deal with, no more.
"Ignorance stupéfiante" : l'ex Haut-Commissaire à l'��nergie atomique Yves Bréchet dézingue "l'inculture des politiques", responsables du marasme dans lequel se trouve le nucléaire français
https://t.co/JffBuRQBkK
We found a way to defeat pointer authentication (and forge kernel pointers from userspace) on the Apple M1 via a new hardware attack.
Here’s how it works-
https://t.co/6Kz3jnRtwI
Some historical revisionism from LWN again, talking about how SLS was only known for a year and a half (and justifying everyone's excuse for doing nothing about it for so long), yet we had traps after rets more than a year before their timeline 🙄https://t.co/BSyjBzwne9
new blogpost:
"How a simple Linux kernel memory corruption bug can lead to complete system compromise: An analysis of current and potential kernel security mitigations"
I'll post a copy to the kernel-hardening list later in case folks want to discuss it.
https://t.co/N81iKRgXII
microG does NOT provide an open source implementation of Play services. Apps using Play services integrate the closed source Google libraries which are fully capable of contacting Google services regardless of whether Play services is present, and also do so in practice too.
@spendergrsec Both have actually existed for a few months. And yes, they merge the appropriate stable tags into them. Not sure I understand what you mean by "naming trick" though.
For the past 3 months, we had the talented @Markak_ (co-author of last year's "elastic objects" paper) investigate how #grsecurity's compiler-driven AUTOSLAB feature changes kernel heap exploitation (positively or negatively). His writeup is now available: https://t.co/5GhxtoAne0
@spendergrsec And FWIW I liked how the relevance/effectiveness of this compiler instrumentation itself was questioned when submitted to LLVM: https://t.co/tbJp1GLHP5 (it hasn't landed since).
A biased, love letter to #seL4. Everyone knows that seL4 was the first general purpose OS microkernel whose implementation was verified functionally correct. But did you also know ... ? 1/15