Zack's Kernel News

Zack's Kernel News

Article from Issue 282/2024
Author(s):

Chronicler Zack Brown reports on the latest news, views, dilemmas, and developments within the Linux kernel community.

Improving Web Browser Security

Jeff Xu submitted a security patch on behalf of the Chrome browser project. In general, browsers are among the most security-intensive software projects out there. Browsing the web involves directly running a whole lot of code from all over the Internet locally on your computer. Bad actors abound. Protecting users is one of the key essential features of any web browser.

In this case, Jeff proposed a new mseal() system call, which would allow Chrome to "seal" regions of memory against modification. Jeff's patch also included some changes to the generic mmap() system call to add the PROT_SEAL and MAP_SEALABLE bits to the mmap() flags. These on/off bits would tell whether a region had been sealed or was available to be sealed.

As Jeff explained it, "Memory sealing is useful to mitigate memory corruption issues where a corrupted pointer is passed to a memory management system. For example, such an attacker primitive can break control-flow integrity guarantees since read-only memory that is supposed to be trusted can become writable or .text pages can get remapped. Memory sealing can automatically be applied by the runtime loader to seal .text and rodata [read-only data] pages and applications can additionally seal security critical data at runtime."

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Download Article PDF now with Express Checkout
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
SUBSCRIPTIONS
Print Subscriptions
Digital Subscriptions

Related content

  • Kernel 6.10 Available for General Usage

    Linus Torvalds has released the 6.10 kernel and it includes significant performance increases for Intel Core hybrid systems and more.

    more »
  • Reiserfs Experiencing Turbulent Updates

    When Jeff Mahoney sent in a bunch of patches for reiserfs, he assumed that the filesystem would be frozen in maintenance mode from that point on. Things turned out differently.

    more »
  • New Linux Tool for Security Issues

    Seal Security is launching a new solution to automate fixing Linux vulnerabilities.

    more »
  • News

    In the news: Ubuntu 24.10 to Include the Latest Linux Kernel; Plasma Desktop 6.1.4 Release; Manjaro Team Tests Immutable Version; Vanilla OS 2 Available; Debian-Based eLxr Distribution for Edge Deployments; NVIDIA Driver for Upcoming NVIDIA 560 GPU for Linux; OpenMandriva Lx 24.07 Released; and Kernel 6.10 Available for General Usage.

    more »
  • FOSDEM 2005

    The annual winter meeting of Europe’s open source developers took place February 25-27 in Brussels, Belgium. Again the event was a mustn’t miss for thousands of contributors to free projects and a welcome opportunity for developers to exchange ideas outside the borders of their own communities.

    more »
comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News

Tag Cloud

Administration Community Desktop Events Hardware Linux Mobile Programming Security Software Ubuntu Web Development Windows free software open source