Moving Vulnerable Kernel Logic Into User Space

Programs which run at ring zero are a security risk. Moving code into user space can mitigate this risk. As a demonstration, a simple kernel module with vulnerable logic was used as a control case. This module was capable of targeted data exfiltration from the kernel. It was shown that moving the application logic into user space decreased the severity of the vulnerability. Furthermore, rewriting the user space program in Guile – a very high-level language – removed the vulnerability entirely.