Announcement

Collapse
No announcement yet.

FGKASLR Is An Exciting Linux Kernel Improvement To Look Forward To In 2022

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    FGKASLR Is An Exciting Linux Kernel Improvement To Look Forward To In 2022

    Phoronix: FGKASLR Is An Exciting Linux Kernel Improvement To Look Forward To In 2022

    It's been nearly two years in the making since Intel posted FGKASLR patches for improving Linux kernel security. While that work on Finer Grained / Function Granular KASLR stalled for a year, in recent months work on it was revived and in 2022 looks like this security is on a path for mainlining...

    FGKASLR Is An Exciting Linux Kernel Improvement To Look Forward To In 2022 - Phoronix
    https://www.phoronix.com/scan.php?page=news_item&px=Linux-FGKASLR-2022
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    I hope this is not because there is yet another major vulnerability that Intel hasn't disclosed yet but is aware of...

    Comment

    • #3
      Originally posted by tildearrow View Post
      I hope this is not because there is yet another major vulnerability that Intel hasn't disclosed yet but is aware of...
      it has nothing to do with it, it simply makes most vulnerabilities harder to exploit, as now exploit wouldn't only have to figure out base adreess like in KASLR but also function exactly that exploit wants to read/overwrite etc. Meltdown/Spectre are quite "above" tier exploits which will not care much about randomization, and were commonly used for sake of defeating randomizations.
      • Likes 1

      Comment

      • #4
        Originally posted by piotrj3 View Post

        it has nothing to do with it, it simply makes most vulnerabilities harder to exploit, as now exploit wouldn't only have to figure out base adreess like in KASLR but also function exactly that exploit wants to read/overwrite etc. Meltdown/Spectre are quite "above" tier exploits which will not care much about randomization, and were commonly used for sake of defeating randomizations.
        That's the concern tho. If there are vulnerabilities out there which can sidestep this kind of randomization, why wouldn't those be targeted instead of where the functions are?

        Comment

        Previous template Next
        Working...
        X