Black Hat Europe 2011 is now over and we are very happy to have participated once again in the best European IT security conference!

Continuing from our last year’s presentation, our talk this year focused on operating system kernel protections. Specifically, our researchers Patroklos Argyroudis and Dimitris Glynos collected their experiences from kernel exploit development and presented the ways in which modern operating systems protect their kernels from memory corruption attacks.

In my recent Black Hat Europe 2010 talk I gave an overview of the kernel exploitation prevention mechanisms that exist on FreeBSD. A few people at the conference have subsequently asked me to elaborate on the subject. In this post I will collect all the information from my talk and the various discussions I had in the Black Hat conference hallways.

This article is a followup to our last year’s advisory on canary randomisation for applications of the Debian distribution.

I was recently asked what the currently employed method is for canary randomisation in SSP-armoured Linux applications. I’ve been meaning to write an article on this for some time now, but didn’t have the necessary time. So here it is (albeit a little late).

We have found that Debian packages of the GNU libc library (versions prior to and including 2.7) provide a static (i.e. guessable) canary value to all applications armoured with the gcc SSP mechanism.