Sensor drivers, in general, should only touch memory they own: buffers they allocated themselves or registered with the kernel before use. For example, if a sensor driver registers a buffer that was copied from user memory, the driver is the only code that could have done that, so it is responsible for the size of that copy. If the driver trusts a length or offset supplied by user space, it can end up reading from or writing to kernel memory that it does not own. This out-of-bounds read or write can result in a local denial of service in the sensor driver.

Sensor drivers are also not subject to the same code review standards as other kernel code. One reason is that sensor drivers are often developed by networking and other non-kernel developers. Another is that they are often written by people who are not primarily software developers: vendors and sensor hardware companies whose expertise is the hardware rather than the kernel. Vendors and sensor hardware companies often do not follow the same coding standards or the same security standards as other kernel developers. This means that the code review and security standards normally applied to other code might not be applied to sensor drivers.

What can be done to help sensor driver security?

There are several things that can be done to improve the security of sensor drivers.
One way is to apply the same code review standards and security standards to sensor driver code that are applied to the rest of the kernel.
Another way is to have more people review the code, especially when its authors' primary expertise is the hardware rather than kernel programming.
Another way is for vendors and sensor hardware companies to adopt a secure coding standard for driver code, rather than the conventions they use for their own internal code, in addition to following the same code review standards and security standards as other kernel developers.

Checklist:

Review sensor driver code with the following checklist:

1. OS dependent: identify the operating system and kernel version the driver targets, since the interfaces for copying user memory and registering buffers differ between them.
2. If using Linux, run a code review against the kernel module, paying particular attention to every copy from or to user memory and to the bounds checks on the lengths and offsets involved.
3. Secure coding standards: confirm the driver follows a written secure coding standard and that the review checks the code against it.

Software development due diligence

Even though sensor drivers are often developed by people who are not primarily software developers, a certain amount of software development due diligence should still be done. However, since sensor drivers are usually written in C or C++, where an out-of-bounds memory access is not caught by the language, the standard code review and security standards can be difficult to follow and have to be applied explicitly, check by check.
Security researchers would not normally have access to the source code for sensor drivers. Sensor drivers might also require different software development due diligence than other types of drivers. For example, if a sensor uses hardware-specific features that must remain secret from potential attackers, extra due diligence is required, because the secrecy of the hardware feature cannot be relied on to protect the code that drives it.

Mitigation Strategies

A sensor driver that only touches memory it allocated or registered itself is not exploitable by a local attacker. For the out-of-bounds read or write described above to be reachable, the following conditions must hold:

1. The attacker has a local user space process that can reach the sensor driver's interface (on many systems this requires running as root).
2. The driver copies attacker-supplied data into, or out of, kernel memory it owns without validating the length or offset that the attacker controls.
3. The resulting read or write crosses the bounds of that memory and reaches kernel memory the driver does not own, even though the attacker cannot read or write that memory directly from user space.
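The following C program is an added example, not code from this page or from any vendor's driver. It models the out-of-bounds write described at the top of the page and the conditions listed above: a hypothetical sensor driver with a fixed-size sample buffer, a vulnerable write handler that trusts the user-supplied length, and a hardened handler that checks it. It goes one step beyond the text by also showing an offset-based read whose bounds check is written so that off + len cannot wrap. All names (sensor_dev, sensor_write_vulnerable, sensor_write_fixed, sensor_read_fixed, the demo_* functions) and the 16-byte buffer size are assumptions; memcpy stands in for the kernel's copy_from_user() so the program runs in user space, and the "adjacent kernel memory" is a guard region placed after the buffer in the same allocation.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SENSOR_BUF_SIZE 16  /* assumed size of the driver's sample buffer */
#define GUARD_SIZE      16  /* models adjacent kernel memory the driver does not own */
#define GUARD_BYTE      0xA5

/* Hypothetical driver private data. Buffer and guard share one array so the demo's
 * over-long copy stays inside one allocation while still overwriting memory the
 * driver does not own. */
struct sensor_dev {
    uint8_t mem[SENSOR_BUF_SIZE + GUARD_SIZE];
};

static void sensor_dev_init(struct sensor_dev *d)
{
    memset(d->mem, 0, SENSOR_BUF_SIZE);
    memset(d->mem + SENSOR_BUF_SIZE, GUARD_BYTE, GUARD_SIZE);
}

/* 1 if the guard region after the buffer is untouched. */
static int sensor_dev_guard_intact(const struct sensor_dev *d)
{
    for (size_t i = SENSOR_BUF_SIZE; i < sizeof d->mem; i++)
        if (d->mem[i] != GUARD_BYTE)
            return 0;
    return 1;
}

/* Vulnerable write path: len comes from user space and is never compared with
 * the size of the kernel buffer. memcpy stands in for copy_from_user(). */
static int sensor_write_vulnerable(struct sensor_dev *d, const uint8_t *user_buf, size_t len)
{
    memcpy(d->mem, user_buf, len);
    return 0;
}

/* Hardened write path: reject anything larger than the buffer. */
static int sensor_write_fixed(struct sensor_dev *d, const uint8_t *user_buf, size_t len)
{
    if (len > SENSOR_BUF_SIZE)
        return -EINVAL;
    memcpy(d->mem, user_buf, len);
    return 0;
}

/* Hardened read path with an offset. Testing off + len > size would wrap for a
 * huge off; checking the two parts separately cannot overflow. */
static int sensor_read_fixed(const struct sensor_dev *d, uint8_t *out, size_t off, size_t len)
{
    if (off > SENSOR_BUF_SIZE || len > SENSOR_BUF_SIZE - off)
        return -EINVAL;
    memcpy(out, d->mem + off, len);
    return 0;
}

/* 1 if a constructed user buffer 8 bytes too large clobbers the guard region. */
int demo_vulnerable_overwrites_neighbour(void)
{
    struct sensor_dev d;
    uint8_t user[SENSOR_BUF_SIZE + 8];
    memset(user, 0x41, sizeof user);
    sensor_dev_init(&d);
    return sensor_write_vulnerable(&d, user, sizeof user) == 0 && !sensor_dev_guard_intact(&d);
}

/* 1 if the same input is rejected with -EINVAL and the guard region survives. */
int demo_fixed_rejects_oversize(void)
{
    struct sensor_dev d;
    uint8_t user[SENSOR_BUF_SIZE + 8];
    memset(user, 0x41, sizeof user);
    sensor_dev_init(&d);
    return sensor_write_fixed(&d, user, sizeof user) == -EINVAL && sensor_dev_guard_intact(&d);
}

/* 1 if the fixed path accepts an in-range write and read, rejects a read that
 * runs past the end, and rejects an offset chosen so that off + len wraps. */
int demo_fixed_handles_in_range_and_wraparound(void)
{
    struct sensor_dev d;
    uint8_t user[SENSOR_BUF_SIZE], out[8];
    memset(user, 0x42, sizeof user);
    sensor_dev_init(&d);
    if (sensor_write_fixed(&d, user, sizeof user) != 0 || !sensor_dev_guard_intact(&d))
        return 0;
    if (sensor_read_fixed(&d, out, 8, 8) != 0 || out[0] != 0x42)
        return 0;
    if (sensor_read_fixed(&d, out, 12, 8) != -EINVAL)         /* 12 + 8 > 16 */
        return 0;
    return sensor_read_fixed(&d, out, SIZE_MAX, 8) == -EINVAL; /* off + len would wrap */
}

int main(void) {
    printf("vulnerable overwrites neighbour: %d\nfixed rejects oversize: %d\nfixed in-range/wrap: %d\n",
           demo_vulnerable_overwrites_neighbour(), demo_fixed_rejects_oversize(),
           demo_fixed_handles_in_range_and_wraparound());
    return 0;
}
```

The point a reviewer should take from this is the shape of the check in sensor_read_fixed: writing `if (off + len > SENSOR_BUF_SIZE)` looks correct but wraps when user space passes a huge offset, which is exactly the kind of bounds check the checklist above asks you to look for around every copy from or to user memory.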

I2CP Stack Exhaustion - Layer 7

Denial of Service
In some cases, for example in a security-sensitive environment, the sensor driver runs with lower privileges than another process on the same machine. If another kernel driver or process needs to read from or write to memory owned by the sensor driver, it has to obtain higher privileges to access that memory. Once it has that access, a read or write into the sensor driver's memory that the driver does not expect can drive the driver into a stack exhaustion condition. This could lead to a local denial of service in the sensor driver.

Timeline

Published on: 10/14/2022 19:15:00 UTC
Last modified on: 10/18/2022 18:11:00 UTC
