#mseal — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #mseal, aggregated by home.social.
-
GNU C Library 2.43 has been officially released, adding more C23 features along with two new functions: `mseal` and `openat2`. This update improves performance, security, and system compatibility for C applications. It is an important step forward for systems developers and open-source software. #glibc #Cprogramming #C23 #openat2 #mseal #lậptrìnhC #GNU #phátriểnthệthống
-
Modern CPUs support memory permissions such as RW and NX bits. The memory permission feature improves security stance on memory corruption bugs, i.e. the attacker can’t just write to arbitrary memory and point the code to it, the memory has to be marked with X bit, or else an exception will happen.
#Memory #sealing additionally protects the mapping itself against modifications. This is useful to mitigate memory corruption issues where a corrupted pointer is passed to a memory management system. For example, such an attacker primitive can break control-flow integrity guarantees since read-only memory that is supposed to be trusted can become writable or .text pages can get remapped. Memory sealing can automatically be applied by the runtime loader to seal .text and .rodata pages and applications can additionally seal security critical data at runtime.
A similar feature already exists in the XNU kernel with the VM_FLAGS_PERMANENT flag [1] and on OpenBSD with the mimmutable syscall [2].
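An added example, not part of the post above or of the kernel sources: a C probe that seals one read-only page with the raw mseal syscall and checks that the mapping changes the post describes (making it writable, unmapping it) are then refused with EPERM. The function name is hypothetical, the anonymous page stands in for .rodata, and the fallback syscall number 462 is used only when the libc headers lack `__NR_mseal`.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_mseal
#define __NR_mseal 462 /* mseal syscall number, used if headers predate it */
#endif

/* Hypothetical helper.
 * Returns  1 if the page was sealed and both changes were refused with EPERM,
 *          0 if mseal() is unavailable here (older kernel, 32-bit, sandbox),
 *         -1 if setup failed or a sealed page could still be modified. */
int sealed_page_resists_changes(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);

    /* Constructed stand-in for trusted read-only data such as .rodata. */
    void *p = mmap(NULL, len, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;

    /* Raw syscall so this builds without a libc wrapper; flags must be 0. */
    if (syscall(__NR_mseal, p, len, 0UL) != 0) {
        munmap(p, len);   /* not sealed, so cleanup is still allowed */
        return 0;
    }

    /* The changes a corrupted pointer reaching the memory manager would
     * cause: make trusted read-only memory writable, or unmap it. */
    if (mprotect(p, len, PROT_READ | PROT_WRITE) == 0 || errno != EPERM)
        return -1;
    if (munmap(p, len) == 0 || errno != EPERM)
        return -1;

    return 1;   /* the sealed page stays mapped until the process exits */
}

int main(void)
{
    int r = sealed_page_resists_changes();
    printf("%s\n", r == 1 ? "sealed: mprotect and munmap refused (EPERM)"
                 : r == 0 ? "mseal not available on this system"
                          : "unexpected: sealed mapping was modified");
    return r < 0;
}
```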
-
Trail of Bits dives deep into Linux's new mseal syscall! 🔒🐧 Learn how this memory sealing feature enhances security by preventing illicit modifications during runtime. A must-read for #cybersecurity enthusiasts and #Linux developers! 🛡️💻 #mseal #ExploitMitigation
🔗 https://blog.trailofbits.com/2024/10/25/a-deep-dive-into-linuxs-new-mseal-syscall/
-
The new system call #mseal()[1] after multiple revisions and various discussions[2] finally made it to #linux-next and thus is slated to appear in #LinuxKernel 6.10:
https://lore.kernel.org/all/2024041516[email protected]/T/#u
[1] "In a nutshell, mseal() protects the VMAs of a given virtual memory range against modifications, such as changes to their permission bits."