Kernel 4.7 and the Kernel Self Protection Project

Discussion in 'all things UNIX' started by summerheat, Jul 7, 2016.

  1. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    729
    The Kernel Self Protection Project which was established some months ago seems to gather more speed. In kernel 4.6 already several self protection features were introduced. Now in the source files of the soon to be released kernel 4.7 is a document which explains the background of those self protection measures which aim to better protect the kernel against various types of attacks. This alone suggests that Linux Torvalds has finally accepted the need for such improvements.

    As an outflux of these efforts several security features were introduced. One example is the optional SLAB freelist randomization which aims to protect against attacks using heap overflows. Another one is the new LSM LoadPin - details here. A 3rd one is the introduction of constant blinding.

    Good news!
     
  2. Anonfame1

    Anonfame1 Registered Member

    Joined:
    May 25, 2016
    Posts:
    198
    Indeed. I look forward to more improvements. The linux kernel devs have the grsecurity patchset to at least look at for ideas if not grab code from.. Well, I havent checked out their licensing so I cant be sure there. Still good stuff..
     
  3. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,989
    Location:
    Brasil
    They're both GPL, so it's OK to use code from one to another.

    I'm using 4.7-rc6 (latest git) on Arch and it's quite nice, except that my HD usage seems way higher at boot.
     
  4. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    626
    Location:
    United States
    It's interesting that LoadPin was taken from ChromeOS.
     
Loading...