
Huawei HKSP Introduces Trivially Exploitable Vulnerability in the Linux Kernel - phoe-krk
https://grsecurity.net/huawei_hksp_introduces_trivially_exploitable_vulnerability
======
mmastrac
This sort of stuff was pretty common in the early Android days. Most root
exploits were just clever attacks on the startup scripts and that continued
for some time until the manufacturers finally wised up. HTC was particularly
bad here.

I wouldn't attribute it to malice - just engineers without the right time
and/or training.

~~~
tails4e
This is explicitly security oriented code. The release notes indicate a high
awareness of security issues and discuss some advanced topics and items it's
trying to mitigate.... and then the code has a way of leaking kernel memory.
Do you really doubt an engineer (or potentially team of engineers) working in
security could not see what was outlined in the article? It's suspect at least.

~~~
AlotOfReading
C is absurdly easy to screw up like this. You need a lot of focused engineers,
complete institutional focus on proactively catching things like this, _and_
robust tooling to even have a hope of fixing all the low hanging security
issues consistently. I don't find it hard to believe that Huawei missed one or
all of those for at least long enough to make a patch.

------
stdcall83
I have looked at the patch, this is a huge patch file that includes lots of
changes, this is not a patch that will ever be reviewed as it's not the
standard that is expected from kernel developers: small patches that do
specific things.

My guess is that it comes from a person who is posting a patch for the first
time to the mailing list.

Attributing this patch to Huawei doesn't make sense, and if they really did
want to introduce a backdoor I'll only assume that they would have prepared
much better patches.

These kinds of one-time submissions are most likely to be ignored on the
mailing list.

I think it only got attention because someone saw Huawei in the headline.

------
shakkhar
As a long time C developer, I'd say this looks like something I would have
written in my early days. While I admit that Huawei is not above trying to put
a backdoor in the kernel, Grsecurity also has a history of blowing things
out of proportion.

------
jbritton
I have no knowledge of how the integrity of the Linux kernel is protected. So
a small bit of background context would be nice. The article says this is a
patch set. I assume this gets reviewed before it's allowed into the kernel.
I'm assuming the exploits were found before the patch was accepted. I can see
a frustration in having to review really bad code.

~~~
db48x
No, this code wasn't proposed for inclusion in the Linux kernel. To do that,
someone would have to send an email to the Linux kernel mailing list that says
what the changes are for, who wrote them, etc. This is probably just something
that Huawei wrote for their own custom kernel for their phones or something.

------
addicted44
Is the only evidence that this has anything to do with Huawei is that the
github account has listed Huawei somewhere on its profile?

------
panpanna
So this is not used anywhere yet?

It's good GRS tries to raise awareness, but this could very well be a WIP or
just some intern fooling around with Linux.

------
afrcnc
ELI5?

------
dylan604
Is this purely careless programming, or genuinely diabolical to use in
conjunction with something else to allow for more "interesting" things later?

Never attribute to malice...stupidity. However, I'm guessing since it is
Huawei, it will always (deservedly?) be suspect as malice first?

~~~
lykr0n
I would put money on careless/unskilled programming over diabolical. For
diabolical code, you would want something that could withstand a few levels of
code review.

~~~
tails4e
Why not both? Pepper the code with easy to find (and use) vulnerabilities and
also a few harder to find. It's win-win for those who are trying to inject the
exploits, as if the obvious stuff can be chalked down to incompetence, then
the subtle ones can surely be - so in a way it's a smart method of shielding
the nefarious act.

