Fuchsia OS – Still a long way to high security

An experienced Linux kernel developer and hacker tries common tricks on the upcoming OS. The attempt shows that the security-first approach is not absolute: some parts of the kernel were written insecure and will have to be amended later. Some points are already plotted (KASLR is not yet implemented) but others are not.

Using a Fuchsia kernel in degraded mode, ie without security feature called SMAP (Supervisor Mode Access Prevention), a POC of rootkit have been demonstrated.

This blog post also shows that even if Fuchsia is very different from Linux, the hacking reflexes are the same.

Even if Fuchsia OS looks promising, a long journey still awaits Google before fulfilling the promise of a highly secure OS.

A Kernel Hacker Meets Fuchsia OS

Google takes Fushia’s security very seriously

An analysis of security enforcement integrated to Fuchsia OS: https://blog.cr0.org/2021/06/a-few-thoughts-on-fuchsia-security.html. Definitly, it’s not a proof of concept!

With a bonus: Why didn’t we write the (Zircon) kernel in Rust? (in fact, it should have been titled: why didn’t we write yet zircon in Rust?)