Linked by Thom Holwerda on Wed 14th Jun 2017 22:15 UTC, submitted by Ryan Freeman
OpenBSD Theo de Raadt unveiled and described an interesting new kernel security feature: Kernel Address Randomized Link.

Over the last three weeks I've been working on a new randomization feature which will protect the kernel.

The situation today is that many people install a kernel binary from OpenBSD, and then run that same kernel binary for 6 months or more. We have substantial randomization for the memory allocations made by the kernel, and for userland also of course.

However that kernel is always in the same physical memory, at the same virtual address space (we call it KVA).

Improving this situation takes a few steps.

Share this story

Your Name:

Your Email:

Your Friend's Email:

Please confirm the image:
Captcha