• a kernel hacker meets Fuschia OS

    From Retrograde@21:1/5 to All on Wed May 25 15:00:31 2022
    I found this really interesting. It's an OS that's really designed
    differently! I love *nix but am always wondering "what if?"

    https://a13xp0p0v.github.io/2022/05/24/pwn-fuchsia.html

    Fuchsia is a general-purpose open-source operating system created by
    Google. It is based on the Zircon microkernel written in C++ and is
    currently under active development. The developers say that Fuchsia is
    designed with a focus on security, updatability, and performance. As a
    Linux kernel hacker, I decided to take a look at Fuchsia OS and assess
    it from the attacker's point of view. This article describes my
    experiments.

    Summary

    In the beginning of the article, I will give an overview of the Fuchsia operating system and its security architecture.

    Then I'll show how to build Fuchsia from the source code and create a
    simple application to run on it.

    A closer look at the Zircon microkernel: I'll describe the workflow of
    the Zircon kernel development and show how to debug it using GDB and
    QEMU.

    My exploit development experiments for the Zircon microkernel:
    Fuzzing attempts,
    Exploiting a memory corruption for a C++ object,
    Kernel control-flow hijacking,

    Planting a rootkit into Fuchsia OS.

    Finally, the exploit demo.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)