Language Selection

English French German Italian Portuguese Spanish

Securing the Kernel Stack

Filed under
Linux
Security

The Linux kernel stack is a tempting target for attack. This is because the kernel needs to keep track of where it is. If a function gets called, which then calls another, which then calls another, the kernel needs to remember the order they were all called, so that each function can return to the function that called it. To do that, the kernel keeps a "stack" of values representing the history of its current context.

If an attacker manages to trick the kernel into thinking it should transfer execution to the wrong location, it's possible the attacker could run arbitrary code with root-level privileges. Once that happens, the attacker has won, and the computer is fully compromised. And, one way to trick the kernel this way is to modify the stack somehow, or make predictions about the stack, or take over programs that are located where the stack is pointing.

Protecting the kernel stack is crucial, and it's the subject of a lot of ongoing work. There are many approaches to making it difficult for attackers to do this or that little thing that would expose the kernel to being compromised.

Read more

Also: AMD Zen 2 + Radeon RX 5700 Series For Linux Expectations

More in Tux Machines

Android Leftovers

Firefox 69 Beta On Linux Bringing Better Performance

With the recent release of Mozilla Firefox 68 there are some nice WebRender performance improvements that Linux users can enjoy. But with Firefox 69 now in beta there is even better performance, including when enabling WebRender on Linux. Given the recent Firefox 68.0 release and Firefox 69.0 being promoted to beta, I ran some fresh browser benchmarks for checking out the current state of Mozilla's Linux performance from the Ubuntu desktop. The official Mozilla Firefox binaries for Linux x86_64 67.0.4, 68.0, and 69.0b3 were tested on the same system in a variety of browser benchmarks. Read more

today's leftovers

  • Btrfs Gets Cleaned Up & Code Refactoring For Linux 5.3

    David Sterba sent in the Btrfs file-system updates on Monday for the Linux 5.3 kernel. Btrfs for Linux 5.3 doesn't present any shiny new features but is mostly focused on bug fixes and low-level code improvements. One of the internal changes worth pointing out for Btrfs is changing its CRC32C usage so that it can be hardware-assisted on more architectures where native instructions or optimized code paths are available. More Btrfs code has also been positioned for more checksum algorithms moving forward.

  • g_array_binary_search in GLib 2.61.2

    The final API so far in this mini-series on new APIs in the GLib 2.62 series is g_array_binary_search(), put together by Emmanuel Fleury and based on code by Christian Hergert. It’s due to be released in 2.61.2 soon. But first, a reminder about GLib version numbering. Like the rest of GNOME’s official module set, GLib follows an odd/even versioning scheme, where every odd minor version number, like 2.61.x, is an unstable release building up to an even minor version number, like 2.62.x, which is stable. APIs may be added in unstable releases. They may be modified or even removed (if they haven’t been in a stable release yet). So all of the APIs I’ve blogged about recently still have a chance to be tweaked or dropped if people find problems with them. So if you see a problem or think that one of these APIs would be awkward to use in some way, please say, sooner rather than later! They need fixing before they’re in a stable release.

  • Rabimba: ARCore and Arkit: What is under the hood : Anchors and World Mapping (Part 1)

    Some of you know I have been recently experimenting a bit more with WebXR than a WebVR and when we talk about mobile Mixed Reality, ARkit and ARCore is something which plays a pivotal role to map and understand the environment inside our applications. I am planning to write a series of blog posts on how you can start developing WebXR applications now and play with them starting with the basics and then going on to using different features of it. But before that, I planned to pen down this series of how actually the "world mapping" works in arcore and arkit. So that we have a better understanding of the Mixed Reality capabilities of the devices we will be working with.

  • 10 Best Automated Backup Plugins for WordPress in 2019

    As an online business owner and/or site administrator it is important that you are always ahead of probable data damage by having a data contingency plan. On WordPress, this process has been simplified for all levels of users in the form of backup plugins that can enable you to automate full or partial backups which you can easily restore from later on. Today, we bring you a list of the 10 best plugins for backing up your WordPress site. They all feature a clean modern UI, in active development with millions of downloads, and most of them are 100% free!

today's howtos and software bits