Exactly a month ago, Dropbox announced Dropbox Infinite, “a revolutionary new way to access your files,” as the company wrote on its corporate blog. The demo video showed the Dropbox desktop client providing direct access to cloud file storage at the file system level, without the need to launch a browser. The local disk is “extended” by the size of the cloud storage, and the files are directly accessible, even though the cloud storage may be larger than the local disk. Now the company has disclosed technical details of how this feature works.
Immediately after the first announcement, experts expressed concern that Project Infinite would give outsiders access to the system if they found vulnerabilities in the Dropbox client. The native kernel extension from Dropbox would then become a kind of backdoor into the system.
Dropbox's technical clarifications now confirm these concerns to some extent: Dropbox Infinite does integrate at the kernel level.
“Traditionally, Dropbox worked completely in user space, just like any other program on your machine,” writes company developer Damien DeVille. “With Dropbox Infinite, we delve deeper: into core space. With this technology, the Dropbox client changes the role from a passive observer, who watches what is happening on the local disk, to an active role in your file system. We have been working together for nearly two years to put the puzzle pieces together so that they work transparently.”
The developer explains that the usual FUSE scheme does not suit them in terms of performance: each file operation usually requires an extra context switch between kernel space and user space (see the FUSE diagram).
Such context switches are quite expensive in terms of performance.
Performance degradation with FUSE
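The cost described above can be measured with a small model, added here as an example and not taken from Dropbox or FUSE: a pipe round trip to a child process stands in for the hop to a user-space file system daemon, and `getppid()` stands in for an operation the kernel answers on its own. The function names and the pipe-based stand-in are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

static uint64_t now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

/* In-kernel path: one syscall, answered by the kernel itself. */
double direct_ns_per_op(int ops) {
    uint64_t t0 = now_ns();
    for (int i = 0; i < ops; i++)
        (void)getppid();
    return (double)(now_ns() - t0) / ops;
}

/* FUSE-like path: every operation is handed to a user-space "daemon"
   (the child) and the caller blocks until the reply comes back, so each
   operation costs at least two context switches. Returns -1 on error. */
double daemon_ns_per_op(int ops) {
    int req[2], rep[2], done = 0;
    char b = 'x';
    if (pipe(req) != 0 || pipe(rep) != 0) return -1.0;
    pid_t pid = fork();
    if (pid < 0) return -1.0;
    if (pid == 0) {                       /* daemon: echo each request */
        close(req[1]); close(rep[0]);
        while (read(req[0], &b, 1) == 1 && write(rep[1], &b, 1) == 1) {}
        _exit(0);
    }
    close(req[0]); close(rep[1]);
    uint64_t t0 = now_ns();
    while (done < ops && write(req[1], &b, 1) == 1 && read(rep[0], &b, 1) == 1)
        done++;
    uint64_t dt = now_ns() - t0;
    close(req[1]); close(rep[0]);         /* EOF stops the daemon */
    waitpid(pid, NULL, 0);
    return done == ops ? (double)dt / ops : -1.0;
}

int main(void) {
    printf("direct syscall:    %.0f ns/op\n", direct_ns_per_op(100000));
    printf("daemon round trip: %.0f ns/op\n", daemon_ns_per_op(100000));
    return 0;
}
```

The absolute numbers depend on the machine and scheduler; the point of comparison is the ratio between the two paths.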
Performance is not the only reason. Dropbox believes that replacing the standard FUSE libraries with a native kernel extension eliminates unnecessary complexity and, therefore, increases system security.
Another benefit: a kernel extension can use access checks through Kernel Authorization (Copy Hooks on Windows) to detect and prohibit certain operations in the Dropbox folder. This check is much simpler to implement than it would have been through FUSE.
An application running in kernel space can do far more than a regular program in user space, which is quite risky from a security standpoint. “If Dropbox is at the core, it can access anything,” says Sam Bowne, who conducts ethical hacking courses at San Francisco College. “If there is a bug in the Dropbox client, you can use it to capture the entire system.”
This is roughly how hackers used a bug in antivirus software from Symantec / Norton (CVE-2016-2208). Antivirus products also work in kernel space, which is where Dropbox is now trying to go.
What could possibly go wrong?
“We take security seriously and do everything to protect our users and their data,” writes Dropbox. “Our Red team groups [internal independent vulnerability search divisions] offer Bug Bounty programs and regularly invite independent pentesters to help find vulnerabilities.”
Dropbox is aware of the security risk. The kernel extension has been tested inside the company for almost a year to check the stability and integrity of the system. Understanding all the risks, the company still believes it will be a convenient feature.