[HN Gopher] Attacking Android Binder: Analysis and Exploitation ...
       ___________________________________________________________________
        
       Attacking Android Binder: Analysis and Exploitation of
       CVE-2023-20938
        
       Author : campuscodi
       Score  : 31 points
       Date   : 2024-06-04 18:41 UTC (4 hours ago)
        
 (HTM) web link (androidoffsec.withgoogle.com)
 (TXT) w3m dump (androidoffsec.withgoogle.com)
        
       | tripdout wrote:
       | I'd love to have this in-depth level of knowledge of kernel inner
       | workings. Super interesting writeup.
        
         | AshamedCaptain wrote:
         | Binder is actually something that was designed for BeOS and
         | PalmOS, so ironically it is not very tied to Linux and IMHO one
         | of these technologies that Google uses to abstract themselves
         | from Linux.
         | 
         | (It still has something to do with the early implementations
         | since I recognize some of the #define names..)
        
           | pjmlp wrote:
           | It also provides a way for a pseudo-microkernel like
           | architecture despite Linux, as many services run on their own
           | process talking with the Linux kernel via Binder.
        
             | p_l wrote:
              | IIRC, Binder also still includes "passing" the scheduler
              | quanta between processes when making a call - meaning that
              | when you make a call from process A to process B, instead
              | of waiting for process B to be scheduled for execution, it
              | is swapped in place of process A in scheduling -
              | effectively, process A "pays" for the CPU time that process
              | B needs to service the call.
        
       | doodlesdev wrote:
        | And again an extremely serious, device-compromising
        | vulnerability arises from a use-after-free. When will we learn?
       | 
       | I don't think I'll ever be able to trust modern devices until we
       | finally abandon memory-unsafe languages. It's such low hanging
       | fruit at this point I don't understand anymore why OS developers
       | keep investing their time in other parts of the threat model of
       | operating systems if memory usage vulnerabilities keep arising
       | that completely destroy the existence of any security layer in
       | the system.
       | 
        | Was Google's plan to replace Android with Fuchsia? Is there any
        | plan to get rid of these vulnerabilities (especially use-after-
        | free) at scale on Android like the Chrome project has attempted
        | with the MiraclePtr project?
        
         | pjmlp wrote:
          | It is ongoing:
         | 
         | https://source.android.com/docs/setup/build/rust/building-ru...
        
         | cyberax wrote:
         | There's actually a reimplementation of Binder in Rust, for
         | Linux: https://lwn.net/Articles/953116/
        
         | chc4 wrote:
         | Fuchsia's kernel is written in C++. It's much more a
         | microkernel design, and so device drivers usually run as
         | userspace processes and some of them are Rust, but the core
         | kernel is not written in a memory safe language.
        
       ___________________________________________________________________
       (page generated 2024-06-04 23:00 UTC)