Device Drivers Filled with Flaws, Pose Risk

Gary W. Longsine writes "Security Focus describes device drivers as an untapped source of buffer overflows, posing substantial risk not typically considered as part of a standard risk assessment. The security risks of device drivers on both Windows and Linux, including network (remotely exploitable) and hardware drivers (typically only locally exploitable) are discussed in the article. I've noticed that software you wouldn't expect sometimes installs a device driver component. I can understand this as a component of an antivirus or host based firewall, but it seems to be an oddly common design pattern on Windows, which clearly poses substantial risk."

Design pattern

[davidstrauss]

oddly common design pattern on Windows

Could someone give me examples of this? Most software I use doesn't do this. It seems more of a design pattern for DRM stuff (like DVD audio).

One hardware driver one from way back.

Sending a modem user a ping with +++ATH0 embedded. As soon as it was returned, those modems with defective modem drivers that didn't filter anything would hang up. Quick simple DoS.

Surprisingly it still works on some systems more than 18 years after I first tried it.

Re:One hardware driver one from way back.

[BurntNickel]

On the modems that I used it was required that there be a one second pause between the +++ and any following characters to get to command mode so I've never seen this actually work.

Re:One hardware driver one from way back.

All of these replies and no one remembers doind this to hapless IRC users?

/ctcp ping +++ATH0

You soon learnt the proper initialisation string to stop your modem hanging up. Something to do with setting the proper mask in one of the S registers, if I remember correctly.

Re:One hardware driver one from way back.

[zerbot]

People put it in .sigs in order to nail the kinds of people who didn't trim before replying, including trimming the .sig.

Multimedia Keyboards

[Lucractius]

seems these are almost everywhere these days. and with all the odd keys a lot of them Do need their own custom drivers for the extra keys and knobs and dials etc.

whatever happend to the good old days when an IBM model M was all you needed :)

Re:Multimedia Keyboards

[rokzy]

the worst is logitech mouse (MX900). it wants you to install shockingly ugly control software which not only wastes resources but reduces functionality.

the box says it supports IE only (a mouse suporting a browser!? wtf!?) which refers to the forward and back butons. but if you don't install the crappy software, the buttons work fine in firefox.

I suspect the main purpose of the software is just to try to force a taskbar icon on users to act as a form of self-advertising. it certainly isn't to make the mouse better.

How to make money from this

1. Identify a target corporation (for example, one that makes most of its money from leasing).
2. Write a virus that inserts itself into Excel and subtly changes the results of certain spreadsheets used to calculate the cost/value of leases - by about 1%, no more.
3. Buy a small manufacturer of CDROM drives.
4. Insert the virus into their device drivers.
5. Sell the resultant equipment really cheaply to your target.
6. Wait four years until the target co. thinks it's solvent (according to your buggered spreadsheets) but actually isn't.
7a. Sell this information to a rival that wants to take it over / take it out of the market.
7b. OR Blackmail the target, threatening to reveal its status to the market / the authorities.
7c. OR Short-sell the target's stock and then make the news public.

The money you make from step 7 will be a substantial return on the investment ($10m or so?) that you made in step 3.

Have you ever asked yourself...

[ratta]

why so many video card producers do not want to release specs?
Because with DirectX/DRI programs in userspace can access directly the hardware, and since the hardware is flawed they could easily gain root/Administrator privileges :-)

ugh

[Mr.+Underbridge]

As Linus once said, "Given enough eyeballs, all bugs are shallow." If board makers would GPL there drivers or even send one free of charge to a kernel developer, we would not have this problem.

1. Linus didn't say that, Raymond did. 2. By your own analysis, all famous open-source projects should be bug-free, right? Like Firefox, right?

Stop drinking the kool-aid. Open source is not a panacea for all software development problems, and Raymond made a lot of sweeping generalities in the book you're quoting, many which make for great sound bites but are absolutely irrelevant.

Open Documentation == Safe & Reliable Drivers

[shking]

One more reason to help groups trying to get documentation in order write their own drivers. Manufacturers seem more concerned with slowing down their rivals than with growing their customer base (for free!). Consider OpenBSD's recent problems with Adaptec.

Windows design flaws

[typical]

The real cause of most reboots are attempts to replace active user-mode executables (EXE or DLL). Executable files cannot be replaced while they're running. This makes it practically impossible to update system DLL's without a reboot, since they're going to running in some process all the time.

Yup. This is a major design flaw in the Windows kernel that dates way back. It's a significant part of the reason that you don't have to reboot Linux for anything other than a new kernel, but Windows frequently needs to be rebooted for user-level application installations.

It's on my list of "stupid design decisions made in Windows" (where "Windows" == NT family, not 9x family).

Other goodies are:

* "pageable kernel memory pools" (sounds like a good idea, but significantly increases complexity of writing kernel code and ease of introducing lockup bugs) over Linux's approach of just unloading modules

* Microsoft's decision to not support "real" links, just shortcuts, in their user-mode software.

* Allowing application software to "block" a shutdown.

* Not allowing Windows to run without VM.

* Not designing Windows to be able to run off of read-only media.

* Godawful shell (not fundamental to the OS, and hopefully will fixed in Longhorn) and virtual terminal, to the point where most Windows users hate the terminal.

* Bad VM algorithms. I don't know what they use, but try running low on memory on a Windows box and the system becomes bloody unusable.

(From a developer standpoint)

* Poor sockets implementation (which is still the only reasonably portable networking API under Windows -- even IOCP lacks a IOCP-able connect() up until WinXP) with no way to kick select() awake, no local-domain sockets and lots of other flaws and irritations that have to be worked around by the Windows sockets programmer.

* Never precisely specifying API behavior -- MSDN is more of a tutorial or basic user guide to the API than a true specification. Look at a Linux man page and you generally have pretty strong guarantees on the behavior of the function provided, and that isn't even the specification (those which the function conforms to are listed and you can read a hard specification of guaranteed behavior).

Why do we even need device drivers at all?

[Skapare]

Why do we even need device drivers at all? I've worked on (used, administered) two different kinds of major operating systems (and a couple more smaller ones) that did not use device drivers at all. The answer to thise question reflects a condition that those two major OSes did not have to deal with: lack of standardized hardware.

The original IBM System 360, released in the 1960s, effectively had relatively standardized hardware. That was because IBM made all the hardware. When other manufacturers eventually made their own hardware, they were forced to make that hardware compatible. A manufacturer of a disk drive had to make it accept every hardware command that IBM's own models accepted, or it would not work. No provision existed in the operating systems for these machine to install or load a special device driver, short of modifying the source directly (which was all in assembly code for the mainframe CPU architecture).

I/O operations in the original System 360, and to a great extend in the 370 and 390 that followed, is quite uniform compared to the PC architecture. Although IBM popularized this architecture, it was actually the design of the 8088 CPU that caused things to be quite non-uniform due to it's lack of any I/O architecture (it only had a simplistic in/out CPU instruction set, which effectively functioned like fetch/store instructions in a private address space). This meant every peripheral (like a serial port) had to operate its own way. Microsoft's DOS operating system furthered the dependency on device drivers being added by making it relatively easy to do. So by combining an architecture that was very poor at I/O, absent of an I/O standard, and an OS that made discrete device drivers easy, we have this become dependent on this.

A computer architecture could still be built that includes a standardized I/O infrastructure (e.g. all devices interface the same way) and standardized I/O command set (e.g. all operations of the same class operate identically), and would not need individual device drivers. Each different class of device (e.g. a hard drive is an example of one class) would have its own I/O handling code in the OS which can be referred to as the device driver, but it would be one set of code that handles every device of that class. A command from the "hard drive handler" code in the OS to read a specific sector of storage would be exactly identical regardless of the size of the drive (if it accesses a non-existant sector, it always gets a standard error), the maker of the drive, and whether or not there is a gateway controller to interconnect legacy hardware (e.g. SCSI, IDE, SATA, etc). The same principle would be applied for all other classes of devices. All random accessible devices could then be bootable with merely the issuance of a basic "read a sector from offset N" command generated by a very simple firmware system ... for some standardized value of N for booting purposes.