GNU C Library 2.43 has officially been released, adding more C23 features along with two new functions: `mseal` and `openat2`. This update improves performance, security and system compatibility for C applications. It is an important step forward for systems developers and open-source software. #glibc #Cprogramming #C23 #openat2 #mseal #GNU #systemsdevelopment

https://www.reddit.com/r/programming/comments/1ql9c27/gnu_c_library_243_released_with_more_c23_features/

Modern CPUs support memory permissions such as read/write (RW) and no-execute (NX) bits. The memory permission feature improves the security posture against memory corruption bugs, i.e., the attacker can't just write to arbitrary memory and point the code at it; the memory has to be marked executable (X), or else an exception occurs.

#Memory #sealing additionally protects the mapping itself against modifications. This is useful to mitigate memory corruption issues where a corrupted pointer is passed to a memory management system call. For example, such an attacker primitive can break control-flow integrity guarantees, since read-only memory that is supposed to be trusted can become writable or .text pages can get remapped. Memory sealing can automatically be applied by the runtime loader to seal .text and .rodata pages, and applications can additionally seal security-critical data at runtime.

A similar feature already exists in the XNU kernel with the VM_FLAGS_PERMANENT flag [1] and on OpenBSD with the mimmutable syscall [2].

#Linux #Kernel #Security #mseal

https://docs.kernel.org/userspace-api/mseal.html

Introduction of mseal — The Linux Kernel documentation
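To make the protection described above concrete, here is an added example (not code from the kernel documentation, glibc, or any of the linked posts) that maps one page, fills it, drops it to read-only, seals it, and then checks that mprotect(), munmap() and a MAP_FIXED remap over the range are all refused with EPERM while reads keep working. It invokes the raw syscall so it builds against glibc older than 2.43; the number 462 is the Linux 6.10+ `mseal` syscall number (identical across architectures), and the function names and the 0/1/-1 result convention are this example's own. On a pre-6.10 kernel, a seccomp sandbox that denies the call, or a non-Linux host, the function reports "unsupported" instead of failing.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/mman.h>
#include <sys/syscall.h>
#endif

#ifndef __NR_mseal
#define __NR_mseal 462   /* Linux 6.10+, same number on every architecture */
#endif

#ifdef __linux__
/* Raw wrapper: glibc < 2.43 ships no mseal() symbol. flags must be 0 today. */
static int mseal_raw(void *addr, size_t len, unsigned long flags)
{
    return (int)syscall(__NR_mseal, addr, len, flags);
}
#endif

/* Returns  0 : sealed, and every later VMA modification was refused with EPERM
 *          1 : kernel/sandbox has no usable mseal (ENOSYS/EPERM), nothing checked
 *         -1 : unexpected behaviour (a real sealing bug or a setup failure)   */
int demo_seal_rodata(void)
{
#ifndef __linux__
    return 1;                                   /* mseal is Linux-only */
#else
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0)
        return -1;

    /* Stand-in for a security-critical table (e.g. a vtable or policy blob):
     * populate it while writable, then make it read-only. */
    unsigned char *p = mmap(NULL, (size_t)pg, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    memset(p, 0x41, (size_t)pg);
    if (mprotect(p, (size_t)pg, PROT_READ) != 0)
        return -1;

    /* Seal the VMA. From here on the kernel refuses to change its metadata. */
    if (mseal_raw(p, (size_t)pg, 0) != 0) {
        int e = errno;
        munmap(p, (size_t)pg);
        return (e == ENOSYS || e == EPERM) ? 1 : -1;
    }

    /* 1. A corrupted pointer handed to mprotect() can no longer flip RO -> RW. */
    if (mprotect(p, (size_t)pg, PROT_READ | PROT_WRITE) == 0 || errno != EPERM)
        return -1;

    /* 2. The range cannot be unmapped and refilled with attacker-chosen pages. */
    if (munmap(p, (size_t)pg) == 0 || errno != EPERM)
        return -1;

    /* 3. Nor can it be replaced in place with mmap(MAP_FIXED). */
    void *q = mmap(p, (size_t)pg, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (q != MAP_FAILED || errno != EPERM)
        return -1;

    /* Reads are unaffected and the contents survived every attempt above. */
    if (p[0] != 0x41 || p[pg - 1] != 0x41)
        return -1;

    /* Sealing is idempotent and irreversible: re-sealing succeeds, and the page
     * now stays mapped read-only until the process exits. */
    if (mseal_raw(p, (size_t)pg, 0) != 0)
        return -1;
    return 0;
#endif
}

int main(void)
{
    int r = demo_seal_rodata();
    if (r == 0)
        puts("sealed: mprotect/munmap/MAP_FIXED all refused with EPERM");
    else if (r == 1)
        puts("mseal unavailable here (kernel < 6.10, sandbox, or non-Linux)");
    else
        puts("unexpected: sealed mapping was modifiable or setup failed");
    return r < 0;
}
```

Note that after sealing there is no way to release the page: a sealed VMA survives until exit, which is exactly why the loader seals .text and .rodata (mappings that must live for the whole process) and why an application should seal only data it never intends to unmap.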

Trail of Bits dives deep into Linux's new mseal syscall! 🔒🐧 Learn how this memory sealing feature enhances security by preventing illicit modifications during runtime. A must-read for #cybersecurity enthusiasts and #Linux developers! 🛡️💻 #mseal #ExploitMitigation

🔗 https://blog.trailofbits.com/2024/10/25/a-deep-dive-into-linuxs-new-mseal-syscall/

A deep dive into Linux’s new mseal syscall

If you love exploit mitigations, you may have heard of a new system call named mseal landing into the Linux kernel’s 6.10 release, providing a protection called “memory sealing.” Beyond notes from the authors, very little information about this mitigation exists. In this blog post, we’ll explain what this syscall is, including […]

The Trail of Bits Blog

The new system call #mseal() [1], after multiple revisions and various discussions [2], has finally made it to #linux-next and is thus slated to appear in #LinuxKernel 6.10:

https://lore.kernel.org/all/20240415163527.626541-1-jeffxu@chromium.org/T/#u

[1] "In a nutshell, mseal() protects the VMAs of a given virtual memory range against modifications, such as changes to their permission bits."

[2] https://lwn.net/Articles/948129/

[PATCH v10 0/5] Introduce mseal

🌖 Google proposes a new mseal() memory sealing system call for Linux
➤ Google proposes a new mseal() memory sealing system call for Linux to improve security
https://www.phoronix.com/news/Linux-mseal-Memory-Sealing
Google has proposed a new mseal() memory sealing system call for the Linux kernel. The syscall is intended to make the virtual memory area metadata in the Google Chrome browser and the V8 JavaScript engine immutable, providing better protection. However, the proposal still needs further changes before Linus Torvalds will accept it.
+ This proposal is very important for protecting users' data security.
+ Hopefully it will be accepted soon, to improve the security of Linux systems.
#Google #Linux #mseal() #memorysealing #syscall
Google Proposes New mseal() Memory Sealing Syscall For Linux