In general, a sensor driver has no access to memory it did not own before it was registered. For example, if a sensor driver registers a buffer that was copied from user memory, the driver itself is the only component that could have done so. This can lead to the sensor driver reading from or writing to kernel memory that it does not own, and that out-of-bounds read or write can result in a local denial of service in the sensor driver. Sensor drivers are also not held to the same code review standards as other code. One reason is that they are often written by networking and other non-kernel developers; another is that they are often written by non-programmers. Many sensor drivers are developed by vendors and sensor hardware companies, which often do not follow the same coding standards or the same security standards as other developers. As a result, the code review and security standards normally applied to other code might not be applied to sensor drivers.
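As an added illustration of the out-of-bounds write described above (example code written for this page, not code from the original article or from any real kernel driver): a user-space C model of a driver write handler whose buffer length comes from user space. The names `sensor_dev`, `sensor_write_checked`, `sensor_write_demo` and `SENSOR_BUF_SIZE` are hypothetical, the sample inputs are constructed, and `memcpy` stands in for `copy_from_user` so the file runs outside the kernel.

```c
/* Added example, not from the original page: a user-space model of the
 * bounds check a driver needs before copying a user-supplied buffer into
 * fixed-size driver storage. All names here are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SENSOR_BUF_SIZE 16

/* Constructed model of the driver's private state: a fixed buffer followed
 * by a field that an unchecked write would clobber. */
struct sensor_dev {
    unsigned char buf[SENSOR_BUF_SIZE];
    uint32_t sample_rate_hz;   /* sits directly after buf in memory */
};

/* Hypothetical write handler. Like a kernel .write callback it returns the
 * number of bytes consumed, or a negative errno value on failure. */
long sensor_write_checked(struct sensor_dev *dev, const unsigned char *user_buf,
                          size_t len, size_t *pos)
{
    if (user_buf == NULL)
        return -EFAULT;
    if (*pos >= SENSOR_BUF_SIZE)
        return -ENOSPC;
    /* The length is user-controlled. Without this check a large len would
     * run past buf into sample_rate_hz and whatever follows it. */
    if (len > SENSOR_BUF_SIZE - *pos)
        return -EINVAL;
    memcpy(dev->buf + *pos, user_buf, len);   /* stand-in for copy_from_user */
    *pos += len;
    return (long)len;
}

/* Drives the handler with constructed inputs and checks that the field
 * after the buffer is never touched. Returns 1 when every check passes. */
int sensor_write_demo(void)
{
    struct sensor_dev dev;
    size_t pos = 0;
    unsigned char small[8];
    unsigned char big[64];
    long rc;

    memset(&dev, 0, sizeof dev);
    dev.sample_rate_hz = 100;
    memset(small, 'A', sizeof small);
    memset(big, 'B', sizeof big);

    /* A request that fits is accepted in full. */
    rc = sensor_write_checked(&dev, small, sizeof small, &pos);
    if (rc != 8 || pos != 8 || dev.buf[7] != 'A')
        return 0;
    /* An oversized request is refused and leaves all state untouched. */
    rc = sensor_write_checked(&dev, big, sizeof big, &pos);
    if (rc != -EINVAL || pos != 8 || dev.sample_rate_hz != 100)
        return 0;
    /* The remaining room is accepted; a write past the end is refused. */
    rc = sensor_write_checked(&dev, small, sizeof small, &pos);
    if (rc != 8 || pos != 16)
        return 0;
    rc = sensor_write_checked(&dev, small, 1, &pos);
    if (rc != -ENOSPC)
        return 0;
    return dev.sample_rate_hz == 100;
}

int main(void)
{
    printf("sensor_write_demo: %s\n", sensor_write_demo() ? "ok" : "FAILED");
    return 0;
}
```

The point of the model is the order of checks: the pointer, the current position and the user-supplied length are all validated before any byte moves, and the length check is expressed relative to the space left (`SENSOR_BUF_SIZE - *pos`) so that a write cannot be split into two requests that each fit but together overrun the buffer.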


How do I find Sensor Code?

The best place to look for sensor code is the Linux kernel source tree. If you find a sensor driver in the kernel, it is likely that the vendor that provided it did not follow any of the standards or guidelines required of other developers. In many cases, they did not even run their own code review or automated tools such as Coverity Scan.

How to detect and prevent arbitrary code execution in sensor drivers

If you are developing or shipping a sensor driver, it is important to review that driver's code for potential bugs. Use one of the following methods to detect and prevent arbitrary code execution in sensor drivers:
1) Build your sensor driver with the CONFIG_RELAXED_USER_SECURITY kernel configuration option disabled. If your sensor driver does not build with this option disabled, consider refactoring it so that it does.
2) Use tools such as ptrace(1) or syscalls(2) to watch for accesses to kernel memory by your sensor driver.
3) Add hardware breakpoints to your sensor driver. These breakpoints can be configured through an interrupt handler when the hardware detects an access violation.

Timeline

Published on: 10/14/2022 19:15:00 UTC
Last modified on: 10/18/2022 18:10:00 UTC
