The Kernel Self Protection Project which was established some months ago seems to gather more speed. In kernel 4.6 already several self protection features were introduced. Now in the source files of the soon to be released kernel 4.7 is a document which explains the background of those self protection measures which aim to better protect the kernel against various types of attacks. This alone suggests that Linux Torvalds has finally accepted the need for such improvements. As an outflux of these efforts several security features were introduced. One example is the optional SLAB freelist randomization which aims to protect against attacks using heap overflows. Another one is the new LSM LoadPin - details here. A 3rd one is the introduction of constant blinding. Good news!
Indeed. I look forward to more improvements. The linux kernel devs have the grsecurity patchset to at least look at for ideas if not grab code from.. Well, I havent checked out their licensing so I cant be sure there. Still good stuff..
They're both GPL, so it's OK to use code from one to another. I'm using 4.7-rc6 (latest git) on Arch and it's quite nice, except that my HD usage seems way higher at boot.
