"Tale of two hypervisor bugs - Escaping from #FreeBSD #bhyve"

http://phrack.org/papers/escaping_from_freebsd_bhyve.html

^ Author had to reintroduce a vulnerability to successfully exploit on #HardenedBSD:

"All the previously detailed techniques will no longer work."
The CFI bypass will be fully mitigated with my Cross-DSO CFI work, which is yet to land.

The SafeStack bypass would be mitigated with SROP.
"A bug in any of the whitelisted IOCTL command could allow code execution in the context of the host kernel."

So much for #Capsicum in #FreeBSD #bhyve.
This is exactly why I warn against the continued marketing of Capsicum as the security silver bullet.
This also shows why hypervisors don't increase security; rather, they decrease overall security posture.
You can follow @lattera.