Kees on Linux 4.14 security enhancements

Kees Cook has a new blog post, talking about new security features in Linux kernel 4.14.

vmapped kernel stack on arm64
set_fs() balance checking
SLUB freelist hardening
setuid-exec stack limitation
randstruct automatic struct selection
structleak passed-by-reference variable initialization
improved boot entropy
eBPF JIT for 32-bit ARM
seccomp improvements



Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s