Announcement
Collapse
No announcement yet.
Linux Security Feature Revised For Randomizing The Kernel Stack Offset At Each System Call
Collapse
X
-
If you have to worry about things like APT... you've got quite a problem and no any widespread OS would save you easily on its own. And even exotic OS could be investigated by such a powerful adversary. Security is funny thing. Most dangerous time is when you feel yourself safe.
-
Originally posted by mystiquewolf View PostOkay, i fact checked.. it's since Windows Vista. I know Linux as a paradigm is "Hey there virus, even if you exploit the program you won't be able to do anything", and "you dumb, where did you encounter a Linux virus", but as far as i know DEP and ASLR were the mainstay of memory protection. Isn't Linux too late to the party? Multi-layered security?
You are thinking address randomisation that was added in Vista. This did not add stack randomisation of the stack offset that this is doing. ASLR and DEP really comes into the LInux kernel sooner than Windows. Linux basic DEP is called NX that even old added to Linux.
Grsecurity patchset provided some more advanced stuff than Microsoft Windows offered now those features are turning up as mainline features. This is a feature that just been adding to the LInux kernel that OS X and Windows don't have if you are lucky they will get it in another 2 to 3 years..
- Likes 5
Leave a comment:
-
Okay, i fact checked.. it's since Windows Vista. I know Linux as a paradigm is "Hey there virus, even if you exploit the program you won't be able to do anything", and "you dumb, where did you encounter a Linux virus", but as far as i know DEP and ASLR were the mainstay of memory protection. Isn't Linux too late to the party? Multi-layered security?
- Likes 1
Leave a comment:
-
Linux Security Feature Revised For Randomizing The Kernel Stack Offset At Each System Call
Phoronix: Linux Security Feature Revised For Randomizing The Kernel Stack Offset At Each System Call
Patches have been revised for allowing Linux to support kernel stack base address offset randomization for each system call...
Tags: None
Leave a comment: