PlanetSquires Forums

Please login or register.

Login with username, password and session length
Advanced search  

Author Topic: Google's new operating system Fuchsia written n C++  (Read 164 times)

Paul Squires

  • Administrator
  • Guru Member
  • *****
  • Posts: 9287
  • Windows 10
    • PlanetSquires Software
Google's new operating system Fuchsia written n C++
« on: June 10, 2020, 08:08:43 AM »

From: https://tech.slashdot.org/story/20/06/10/008245/playing-around-with-the-fuchsia-os

Security and software development company Quarkslab played around with Google's new Fuchsia operating system, which could one day replace Android on smartphones and Chrome OS on laptops. The researchers "decided to give a quick look at Fuchsia, learn about its inner design, security properties, strengths and weaknesses, and find ways to attack it." Here's what they concluded:

Fuchsia's micro kernel is called Zircon. It is written in C++. [...] Contrary to every other major OS, it appears rather difficult to target the Zircon kernel directly. A successful RCE (Remote Code Execution) on the world-facing parts of the system (USB, Bluetooth, network stack, etc) will only give you control over the targeted components, but they run in independent userland processes, not in the kernel. From a component, you then need to escalate privileges to the kernel using the limited number of syscalls you can access with the handles you have. Overall, it seems easier to target other components rather than the kernel, and to focus on components that you can talk to via IPC and that you know have interesting handles.

Overall, Fuchsia exhibits interesting security properties compared to other OSes such as Android. A few days of vulnerability research allowed us to conclude that the common programming bugs found in other OSes can also be found in Fuchsia. However, while these bugs can often be considered as vulnerabilities in other OSes, they turn out to be uninteresting on Fuchsia, because their impact is, for the most part, mitigated by Fuchsia's security properties. We note however that these security properties do not -- and in fact, cannot -- hold in the lowest layers of the kernel related to virtualization, exception handling and scheduling, and that any bug here remains exploitable just like on any other OS. All the bugs we found were reported to Google, and are now fixed.

Again, it is not clear where Fuchsia is heading, and whether it is just a research OS as Google claims or a real OS that is vowed to be used on future products. What's clear, though, is that it has the potential to significantly increase the difficulty for attackers to compromise devices.
Logged
Paul Squires
PlanetSquires Software
WinFBE Editor and Visual Designer

raymw

  • Senior Member
  • ***
  • Posts: 394
Re: Google's new operating system Fuchsia written n C++
« Reply #1 on: June 10, 2020, 08:56:59 AM »

https://blog.quarkslab.com/playing-around-with-the-fuchsia-operating-system.html

Have you rewritten the buggy usb code yet?

This stuff goes round in circles, at all levels. Higher speeds and cheaper memory make these things more feasible, but I'm not sure if it is the best methodology for a fixed/integrated system, e.g phone/tablet. It depends if you're buying or selling.
I expect Google will buy Quarslab - they know too much...
Logged

Bumblebee

  • Little Newbie
  • *
  • Posts: 44
Re: Google's new operating system Fuchsia written n C++
« Reply #2 on: June 11, 2020, 06:35:14 AM »

These are the reliability/security theories that inspired Minix.
Logged