Headlines |
2017-06-15 |
A new OpenBSD kernel security feature |
|
Theo de Raadt has announced a new security feature is coming to the OpenBSD operating system which should make it more difficult to attack OpenBSD's kernel. The new feature, called kernel address randomized link, introduces small changes to the kernel each time the system boots. These changes in the internal layout of the kernel make it difficult for attackers to predict and exploit features in the kernel. "Previously, the kernel assembly language bootstrap/runtime locore.S was compiled and linked with all the other .c files of the kernel in a deterministic fashion. locore.o was always first, then the .c files order specified by our config utility and some helper files. In the new world order, locore is split into two files: One chunk is bootstrap, that is left at the beginning. The assembly language runtime and all other files are linked in random fashion. There are some other pieces to try to improve the randomness of the layout. As a result, every new kernel is unique. The relative offsets between functions and data are unique." Additional details and a roadmap for improving the randomization feature can be found in de Raadt's mailing list post. |
More headlines from this project
Back to News
|
|
TUXEDO |
TUXEDO Computers - Linux Hardware in a tailor made suite Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
|
Star Labs |
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
|
|