
A survey of BSD kernel vulnerabilities [pdf] - beliu
https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Ilja-van-Sprundel-BSD-Kern-Vulns.pdf
======
kev009
This was a great preso.

I think we need to fund regular audits of FreeBSD that use this type mindset.

~~~
JdeBP
You might find _How to find 56 potential vulnerabilities in FreeBSD code in
one evening_, _PVS-Studio delved into the FreeBSD kernel_, and _Weaknesses
in GCC, Clang and FreeBSD Code_ interesting reading as well:

* [https://www.viva64.com/en/b/0496/](https://www.viva64.com/en/b/0496/) ([https://news.ycombinator.com/item?id=14057568](https://news.ycombinator.com/item?id=14057568))

* [https://www.viva64.com/en/b/0377/](https://www.viva64.com/en/b/0377/) ([https://news.ycombinator.com/item?id=11131532](https://news.ycombinator.com/item?id=11131532))

* [https://www.viva64.com/en/b/0487/](https://www.viva64.com/en/b/0487/) ([https://news.ycombinator.com/item?id=13894115](https://news.ycombinator.com/item?id=13894115))

~~~
jbergstroem
Thanks for these!

------
vacri
Impressive that FBSD only had 20% more bugs over OBSD despite having 200% more
lines of code.

~~~
vancan1ty
Considering that this was apparently one person doing investigative research,
and a very small fraction of each code base (FreeBSD apparently has about 9
million LOC, OpenBSD 2.9 million), I do not think it is reasonable to state
that FreeBSD "only had 20% more bugs", but rather only that the investigator
found 20% more bugs in it in his research. He probably examined a similar
number of LOC of each OS and spent a similar amount of time on each OS if I
had to make a guess -- the slides do not say however.

If he had spent three times more time on FreeBSD than on OpenBSD I would agree
with you.

~~~
nerdponx
This raises some interesting questions about sample selection when
statistically or probabilistically analyzing a piece of software.

In statistical analysis you need to have a clear definition for your "unit of
observation". Is it individual lines? Is it individual methods? Is there some
way to break down code into functional units? Is it entire code paths?

Without having a well-defined unit of analysis and a consistent sampling
scheme, extrapolation is difficult or impossible using conventional
statistical tools, without making some very big assumptions.

------
teporxahor
Ilja is one of the baddest dudes out there. Excellent work once again,
chapeau!

------
sigjuice
OpenBSD stopped claiming "N years without a localhost hole in the default
install!" in 2000. See
[https://web.archive.org/web/20000815063126/http://openbsd.or...](https://web.archive.org/web/20000815063126/http://openbsd.org:80/)
and
[https://web.archive.org/web/20001110110500/http://www.openbs...](https://web.archive.org/web/20001110110500/http://www.openbsd.org:80/)

But Page 6 of this pdf has OpenBSD developers going on about Linux and its 20
localhost kernel security holes in 2005. Seems a bit dishonest.

~~~
tedunangst
There are numbers greater than zero and less than 20.

~~~
calebl
FYI, since you're here: visiting your site on FF in Windows 10 is throwing an
insecure error, saying you're using an invalid certificate. 100% possible
that's somehow an error on my end - but just in case it isn't, thought you'd
want to know. Sample URL throwing it:
[https://www.tedunangst.com/flak/post/books-chapter-three](https://www.tedunangst.com/flak/post/books-chapter-three)

Side note: I'm hugely grateful for all your work on OpenBSD.

~~~
ams6110
Same in FF on Mac OS X:

_www.tedunangst.com uses an invalid security certificate. The certificate is
not trusted because the issuer certificate is unknown. The server might not be
sending the appropriate intermediate certificates. An additional root
certificate may need to be imported._

_Error code: SEC_ERROR_UNKNOWN_ISSUER_

And in Chrome:

_Attackers might be trying to steal your information from www.tedunangst.com
(for example, passwords, messages, or credit cards).
NET::ERR_CERT_AUTHORITY_INVALID_

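The "issuer certificate is unknown" failure quoted above is what a client sees when a server sends only its leaf certificate and omits the intermediate. As an added example (not part of this thread), the script below reproduces that failure offline with a throwaway PKI built by openssl; the CA names, file names and host name are all constructed for the demo.

```shell
#!/bin/sh
# Added example: reproduce the missing-intermediate failure mode with a
# throwaway local PKI. All names and files here are constructed for the demo.
set -e

# Builds root -> intermediate -> leaf in a temp dir and prints the dir path.
build_demo_pki() (
  work=$(mktemp -d)
  cd "$work"
  # Extensions that make the intermediate a usable CA for chain building.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
  # Root CA: self-signed; this is the only cert the "browser" trusts.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.pem \
    -subj '/CN=Demo Root CA' -days 1 2>/dev/null
  # Intermediate CA, signed by the root.
  openssl req -newkey rsa:2048 -nodes -keyout inter.key -out inter.csr \
    -subj '/CN=Demo Intermediate CA' 2>/dev/null
  openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -out inter.pem -days 1 -extfile ca.ext 2>/dev/null
  # Leaf (server) cert, signed by the intermediate, not by the root.
  openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
    -subj '/CN=www.example.test' 2>/dev/null
  openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
    -out leaf.pem -days 1 2>/dev/null
  printf '%s\n' "$work"
)

# Exit 0 only if the leaf verifies against the root alone. This is the
# client's view when the server sends just its leaf: it fails with
# "unable to get local issuer certificate" (Firefox: SEC_ERROR_UNKNOWN_ISSUER).
verify_leaf_only() {
  openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# Exit 0 if the leaf verifies when the intermediate is supplied as an
# untrusted chain cert, which is what a correctly configured server sends.
verify_with_intermediate() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter.pem" \
    "$1/leaf.pem" >/dev/null 2>&1
}

# Live check against a real host (not run here): -showcerts prints the chain
# the server actually sends; a lone leaf cert means the intermediate is missing.
#   openssl s_client -connect HOST:443 -servername HOST -showcerts </dev/null
```
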
~~~
vancan1ty
Despite the browsers' dire warnings, you are still far more protected visiting
a website with a self-signed certificate than visiting a plain http website.

~~~
ams6110
More protected from what?

~~~
vancan1ty
My point is that TLS can still be useful without the participation of a
certificate authority. But you have to be careful.

~~~
ams6110
Right. I've visited Ted's site in the past, and had no certificate warnings.
Now, suddenly, I am getting warnings. So isn't that the exact scenario in
which I should be very suspicious?

It's just a blog; I'm not submitting anything, but still it's an indicator
that something fishy _might_ be going on.

------
nreilly
Are there any CVEs for these? Have they been fixed?

~~~
ben_bai
I only subscribe to OpenBSD but there have been 24 fixes, in the last weeks,
for issues reported by Ilja van Sprundel.

[http://marc.info/?l=openbsd-cvs&w=2&r=1&s=Ilja+van+Sprundel&...](http://marc.info/?l=openbsd-cvs&w=2&r=1&s=Ilja+van+Sprundel&q=b)

------
Pengtuzi
Seems interesting. Is there a recorded talk to go with this?

~~~
j_s
Real soon now (not sure on the timeframe)

[https://www.youtube.com/user/DEFCONConference/videos](https://www.youtube.com/user/DEFCONConference/videos)

------
Piccollo
    expired pointers, Double frees, Underflows, overflows, signedness, NULL deref, Division by zero, Memory leaks

YIKES!

------
peterwwillis
Blasphemy!

------
gigatexal
Have the BSD devs seen this? Have the required bugs been filed?

------
jjawssd
What is the likelihood that we will see a major operating system written in a
safe language such as Rust in the next 10 years?

~~~
saghm
That depends; do you mean that it has to be written in the next ten years and
then later becomes widely used, or that it has to become widely used in the
next ten years? If the former, I'd say _maybe_ if Redox becomes mature enough
to be widely used maybe a decade or so down the line (with "widely used"
meaning "used as much as at least one of the major BSDs", since those are what
are being discussed in the PDF), and if the latter, I'd say almost definitely
not (and this is coming from a huge Rust fanatic).

~~~
Skunkleton
The best case scenario in that time frame would be to implement portions/new
features of an existing kernel in a safe language. Maybe it could start with
officially supported driver modules in rust?

~~~
mpe
Yeah I agree. It would be great if parts of the kernel could be written in a
safer language. I think in 10 years that will be happening in at least some
widely used OS, but most likely one that only supports a small range of
architectures.

