diff options
| author | Nick Kralevich <nnk@google.com> | 2012-06-27 11:39:01 -0700 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2012-06-28 11:57:15 -0700 |
| commit | e02a1b99dc87805c6f192eb6f1512e6e12f183a9 (patch) | |
| tree | fc7decc67dbe67aea91d8fd63ff650c6841b4379 | |
| parent | 8c4338920f5c533f11898fd742d64039a3041696 (diff) | |
| download | source.android.com-e02a1b99dc87805c6f192eb6f1512e6e12f183a9.tar.gz | |
security: update Memory Management Security section
Add Android 4.1 features, including:
* relro
* mmap_min_addr
* dmesg_restrict
* kptr_restrict
Reorganize the sections to better indicate when various security
features were added.
Change-Id: Ie3335f55c911fcae3344fb90d475c292c2b76929
| -rw-r--r-- | src/tech/security/index.md | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/src/tech/security/index.md b/src/tech/security/index.md index 2b552062..b3845462 100644 --- a/src/tech/security/index.md +++ b/src/tech/security/index.md @@ -1,4 +1,4 @@ -[TOC] +[TOC] #Android Security Overview ##Introduction @@ -319,17 +319,32 @@ Android includes many features that make common security issues harder to exploit. The Android SDK, compilers, and OS use tools to make common memory corruption issues significantly harder to exploit, including: -+ Address Space Layout Randomization (ASLR) to randomize key locations in memory -+ Hardware-based No eXecute (NX) to prevent code execution on the stack and heap +**Android 2.2+** + + ProPolice to prevent stack buffer overruns (-fstack-protector) + safe_iop to reduce integer overflows + Extensions to OpenBSD dlmalloc to prevent double free() vulnerabilities and to prevent chunk consolidation attacks. Chunk consolidation attacks are a common way to exploit heap corruption. + OpenBSD calloc to prevent integer overflows during memory allocation -+ Linux mmap_min_addr() to mitigate null pointer dereference privilege -escalation + +**Android 2.3+** + + Format string vulnerability protections (-Wformat-security -Werror=format-security) ++ Hardware-based No eXecute (NX) to prevent code execution on the stack and heap ++ Linux mmap_min_addr to mitigate null pointer dereference privilege +escalation (further enhanced in Android 4.1) + +**Android 4.0+** + ++ Address Space Layout Randomization (ASLR) to randomize key locations in memory + +**Android 4.1+** + ++ PIE (Position Independent Executable) support ++ Read-only relocations / immediate binding (-Wl,-z,relro -Wl,-z,now) ++ dmesg_restrict enabled (avoid leaking kernel addresses) ++ kptr_restrict enabled (avoid leaking kernel addresses) ##Rooting of Devices |