linux-hardened issues

Ideally this would use a keyed hash, but SipHash is likely too slow. The `random ^ canary_address` technique doesn't even make each one unique on little endian architectures due to...

thestinger

type-enhancement

improve the robustness of slub page freelists

Ideally, out-of-line metadata like bitmaps would be used. However, progress can be made without any drastic changes particularly when canaries are enabled. It would be nice to have fast range-checking...

thestinger

type-enhancement

linux-hardened
linux-hardened copied to clipboard

Metadata

brute force protection

SROP mitigation with SipHash-generated cookies

type-based CFI for returns

stack clearing

struct layout randomization for Clang

extend SELinux memory protections to have parity with PaX MPROTECT

RANDKSTACK for arm64

slab FIFO / randomized quarantine (not tied to ASan)

improve slub canary generation

improve the robustness of slub page freelists

← Metadata

Owner

Metadata

linux-hardened linux-hardened copied to clipboard

Metadata

← Metadata

Owner

Metadata

linux-hardened
linux-hardened copied to clipboard