• [$] An update on sealed system mappings

    From LWN.net@1337:1/100 to All on Tue Feb 4 17:45:07 2025

    Date:
    Tue, 04 Feb 2025 17:31:24 +0000

    Description:
    Jeff Xu has been working on a patch set that makes certain mappings in a
    process's address space impossible to change, sealing them against
    tampering. This has some potential security benefits (mainly, making sure
    that someone cannot relocate the vsyscall and vDSO mappings), but some
    kernel developers haven't been impressed with the patches. While the core
    functionality (sealing the mappings) is sound, some of the supporting code
    for enabling and disabling the new feature caused concern by going against
    the normal design for such things. Reviewers also questioned how this
    feature would interact with checkpointing and with sandboxing.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/1006375/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)