Our 6.18 #grsecurity LTS release, to be supported through at least the end of 2028, is now available!

Lies, damned lies and #statistics: Literature shows it's statistically possible to infer a password from typing habits given access to a side channel which reveals access and/or modification time such as stat(2), fanotify(7) or inotify(7). #grsecurity prevents this with GRKERNSEC_DEVICE_SIDECHANNEL which #sydbox inherited with its Device Sidechannel Mitigations: https://man.exherbo.org/syd.7.html#Device_Sidechannel_Mitigations #exherbo #linux #security

6.18 has been selected as the next #grsecurity stable kernel version, to be supported through the end of 2028, one year longer than the upstream LTS EOL date of Dec 2027.

#sydbox 3.37.3 is released with Trusted Symbolic Links a la CONFIG_GRKERNSEC_LINK of #grsecurity: https://man.exherbo.org/syd.7.html#Trusted_Symbolic_Links #exherbo #security #linux

Nice demo: tested a vulnerable Ubuntu 22.04 system for glibc CVE-2025-4802 using Solar Designer's PoC adapted to Ubuntu (replace any occurrence of "myhostname" with "mdns4_minimal"). Even an old #grsecurity 5.4.96 kernel from February 8 2021 prevented exploitation

We expect our 6.13 #grsecurity beta to be available within the next two weeks.

Our 6.12 #grsecurity beta is now available to beta testers for testing