Dropbox explained why it is embedded in the kernel of the operating system
Exactly a month ago, Dropbox announced Dropbox Infinite - “a revolutionary new way to access your files,” as the company wrote on its corporate blog. The demo video showed the Dropbox desktop client providing direct access to cloud file storage at the file system level, without having to launch a browser. The local disk “grows” by the size of the cloud storage, and files are directly accessible. The cloud storage can be larger than the local disk. Now the company has revealed the technical details of how this function works.
Immediately after the first announcement, experts expressed concern that Project Infinite will open access to the system to outsiders if they find vulnerabilities in the Dropbox client. Dropbox’s own kernel extension would then become a kind of backdoor into the system.
Dropbox's technical clarifications now confirm these concerns to some extent. Dropbox Infinite does indeed integrate at the kernel level.
“Traditionally, Dropbox worked completely in user space, like any other program on your machine,” writes company developer Damien DeVille. “With Dropbox Infinite, we go even deeper: into the kernel space. With this technology, the Dropbox client changes its role from a passive observer who watches what is happening on the local disk to an active role in your file system. For almost two years, we have been working to connect the pieces of the puzzle together so that they work transparently.”
The developer explains that the usual FUSE scheme does not suit them in terms of performance: each file operation usually requires extra context switches between kernel space and user space (see the FUSE scheme).
Such context switches are quite expensive in terms of performance.
Performance degradation when using FUSE
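The cost of those extra hops can be measured without FUSE itself. The C program below is an added example, not Dropbox's code and not part of the original article: it compares a plain system call with the same call pattern routed through a second process. The child process and the two pipes are assumptions that stand in for the userspace filesystem daemon and its channel to the kernel.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Assumption: a child process stands in for the userspace filesystem
   daemon and two pipes stand in for the kernel<->daemon channel. */
static double now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1e9 + ts.tv_nsec;
}

/* Direct path: one kernel entry and exit per operation. */
double direct_ns_per_op(int n) {
    double t0 = now_ns();
    for (int i = 0; i < n; i++) (void)getppid();
    return (now_ns() - t0) / n;
}

/* Daemon path: every operation is forwarded to a second process and the
   caller sleeps until the reply arrives. Returns -1 on error. */
double daemon_ns_per_op(int n) {
    int req[2], rep[2], ok = 1;
    char b = 'x';
    if (pipe(req) != 0 || pipe(rep) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                      /* stand-in daemon: echo each request */
        close(req[1]); close(rep[0]);
        while (read(req[0], &b, 1) == 1 && write(rep[1], &b, 1) == 1) {}
        _exit(0);
    }
    close(req[0]); close(rep[1]);
    double t0 = now_ns();
    for (int i = 0; i < n && ok; i++)
        ok = write(req[1], &b, 1) == 1 && read(rep[0], &b, 1) == 1;
    double dt = now_ns() - t0;
    close(req[1]); close(rep[0]);        /* EOF on req makes the child exit */
    waitpid(pid, NULL, 0);
    return ok ? dt / n : -1;
}

int main(void) {
    int n = 20000;
    printf("direct syscall : %.0f ns/op\n", direct_ns_per_op(n));
    printf("via user daemon: %.0f ns/op\n", daemon_ns_per_op(n));
    return 0;
}
```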
Performance is not the only reason. Dropbox believes that replacing standard FUSE libraries with its own kernel extension eliminates unnecessary complexity and, therefore, improves system security.
Another benefit: inside the kernel extension, access control through Kernel Authorization (Copy Hooks on Windows) can detect and prohibit certain operations in the Dropbox folder.
Such a check is much simpler to implement than it would be through FUSE.
An application that runs in kernel space can do far more than a regular program in user space. From a security point of view, this is quite risky. “If Dropbox is in the kernel, then it can access anything,” says Sam Bowne, who teaches ethical hacking at San Francisco College. “If the Dropbox client has a bug, it can be used to capture the entire system.”
Attackers used a bug in antivirus software from Symantec / Norton (CVE-2016-2208) in much the same way. Antivirus products also run in kernel space, which is where Dropbox is now trying to go.
What could possibly go wrong?
Kernel memory corruption in Symantec / Norton antivirus, CVE-2016-2208 (more patches soon). https://t.co/Sqhm0a48Fp pic.twitter.com/F22xDIelSU
- Tavis Ormandy (@taviso) May 17, 2016
“We take security seriously and do our best to protect our users and their data,” Dropbox writes. “Our Red teams [internal, independent vulnerability search units] offer Bug Bounty programs and regularly invite independent pentesters to help look for vulnerabilities.”
Dropbox is aware of the security risk. For almost a year now, the company has been testing the kernel extension internally, checking the stability and integrity of the system. Understanding all the risks, the company believes that this will still be a convenient feature.