Subject: The Security Circus Continues
From: lt (at) *nospam* gnu.rocks (Lester Thorpe)
Newsgroups: comp.os.linux.advocacy comp.os.linux.misc alt.os.linux
Followup-To: comp.os.linux.advocacy
Date: 18. Sep 2024, 12:32:06
Organization: UsenetExpress - www.usenetexpress.com
Message-ID: <17f6500d803f0672$39525$1458621$802601b3@news.usenetexpress.com>
User-Agent: Don't Look Here the Joke's in Your Pants

The security circus continues... (what else can it do?)

Kernel 6.11 has added yet more security garbage:

SLAB_BUCKETS

"Kernel heap attacks frequently depend on being able to create
specifically-sized allocations with user-controlled contents
that will be allocated into the same kmalloc bucket as a
target object. To avoid sharing these allocation buckets,
provide an explicitly separated set of buckets to be used for
user-controlled allocations. This may very slightly increase
memory fragmentation, though in practice it's only a handful
of extra pages since the bulk of user-controlled allocations
are relatively long-lived."

The rationale:

"many heap memory spraying/grooming attacks depend on using
userspace-controllable dynamically sized allocations to collide with
fixed size allocations that end up in same cache"

Yeah, sure.

Like who/what the fuck will ever attempt that on my personal
desktop workstation?

Just say "No." Keep your fucking security hallucinations off
of my fucking machine.

--
Systemd: solving all the problems that you never knew you had.
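
The bucket sharing that the quoted SLAB_BUCKETS help text describes, as an added example that is not part of the original post and is not kernel code: a toy user-space model in which the power-of-two size classes, the LIFO freelist and the names `model_alloc`, `model_free` and `slot_reused` are all assumptions made for illustration. It shows a caller-sized allocation landing in the slot a freed fixed-size object held when buckets are shared, and in a different cache when user-controlled allocations get their own bucket set.

```c
/* Toy user-space model of kmalloc size-class buckets; not kernel code. */
#include <stddef.h>
#include <stdio.h>
#define NCLASSES 4   /* modelled classes: 32, 64, 128, 256 bytes (assumption) */
#define SLOTS    8   /* object slots per cache in this model */

struct cache { int free_stack[SLOTS]; int top; };   /* LIFO freelist (assumption) */
struct heap {                       /* separate=1 models SLAB_BUCKETS enabled */
    struct cache normal[NCLASSES], user[NCLASSES];  /* shared set, user-data set */
    int separate;
};
static int size_class(size_t n) {   /* smallest class that holds n, or -1 */
    int c = 0;
    if (n > 256) return -1;
    for (size_t s = 32; s < n; s <<= 1) c++;
    return c;
}
static void heap_init(struct heap *h, int separate) {
    h->separate = separate;
    for (int c = 0; c < NCLASSES; c++) {
        h->normal[c].top = h->user[c].top = SLOTS;
        for (int s = 0; s < SLOTS; s++)   /* slot 0 ends up on top of the stack */
            h->normal[c].free_stack[s] = h->user[c].free_stack[s] = SLOTS - 1 - s;
    }
}
/* Handle encodes (bucket set, class, slot); equal handles mean the same memory. */
static int model_alloc(struct heap *h, size_t n, int user_controlled) {
    int c = size_class(n), set = h->separate && user_controlled;
    if (c < 0) return -1;                       /* larger than any modelled class */
    struct cache *k = set ? &h->user[c] : &h->normal[c];
    if (k->top == 0) return -1;                 /* cache exhausted */
    return set * 1000 + c * 100 + k->free_stack[--k->top];
}
static void model_free(struct heap *h, int handle) {
    int c = (handle / 100) % 10;
    struct cache *k = handle >= 1000 ? &h->user[c] : &h->normal[c];
    k->free_stack[k->top++] = handle % 100;
}
/* 1 if a caller-sized allocation lands in the slot a freed fixed-size object held. */
static int slot_reused(int separate) {
    struct heap h;
    heap_init(&h, separate);
    int target = model_alloc(&h, 128, 0);       /* fixed-size kernel object */
    model_free(&h, target);
    return model_alloc(&h, 100, 1) == target;   /* length chosen by the caller */
}
int main(void) {
    printf("shared=%d separate=%d\n", slot_reused(0), slot_reused(1));
    return 0;
}
```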