|New OpenBSD kernel security feature|
|By Thom Holwerda, submitted by Ryan Freeman on 2017-06-14 22:15:04|
|Theo de Raadt unveiled and described an interesting new kernel security feature: Kernel Address Randomized Link.
Over the last three weeks I've been working on a new randomization feature which will protect the kernel.
The situation today is that many people install a kernel binary from OpenBSD, and then run that same kernel binary for 6 months or more. We have substantial randomization for the memory allocations made by the kernel, and for userland also of course.
However that kernel is always in the same physical memory, at the same virtual address space (we call it KVA).
Improving this situation takes a few steps.
- OpenBSD 6.4 released - 2018-10-18
- OpenBSD's unveil() - 2018-10-12
- OpenBSD on the Microsoft Surface Go - 2018-08-31
- Towards secure system graphics: Arcan and OpenBSD - 2018-04-25
- More related articles