Google Proposes New mseal() Memory Sealing Syscall For Linux


Google is proposing a new mseal() memory sealing system call for the Linux kernel. Google intends this architecture-independent system call to be used initially by the Google Chrome web browser on Chrome OS, while experiments are underway for Glibc to use it in the dynamic linker to seal all non-writable segments at startup.
Leveraging mseal() will prevent later system calls from modifying the metadata of a sealed virtual memory area, such as its protection bits or the mapping itself. Initially supported is sealing against mprotect/pkey_mprotect, munmap, mmap, and mremap calls. Making the virtual memory area's metadata immutable is being sought for better protections within Google Chrome and the V8 JavaScript engine. The work being done by Glibc to add sealing into the dynamic linker, so that all non-writable segments are sealed at start-up time, would also benefit all applications automatically. Those wanting more background information can find it within this kernel patch series.
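The four operations listed above are easiest to understand from userspace: seal a mapping, then try each of them and watch the kernel refuse. The program below is an added example and is not code from the article, the patch series, or Google; it assumes the mseal() ABI as it was later merged in Linux 6.10 (mseal(addr, len, flags) with flags 0, generic syscall number 462), which differs from the v1 proposal Linus is reviewing here. It also assumes nothing about the kernel it runs on: if the syscall is missing, or a seccomp policy blocks it, it reports that rather than failing.

```c
/*
 * Added example: exercise a sealed mapping from userspace.
 * Assumes the later-merged mseal() ABI (Linux >= 6.10): mseal(addr, len, 0),
 * syscall number 462.  Not part of the article or the v1 patch series.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_mseal
#define SYS_mseal 462   /* assumption: generic syscall number from Linux 6.10 */
#endif

/* glibc may not export a wrapper yet, so go through syscall(2). */
static long mseal_raw(void *addr, size_t len, unsigned long flags)
{
    return syscall(SYS_mseal, addr, len, flags);
}

/* True when a -1-returning call was refused by the sealing check. */
static int refused_with_eperm(long rc)
{
    return rc == -1 && errno == EPERM;
}

/*
 * Returns 0 when sealing worked and every attempt to change the VMA's
 * metadata was refused with EPERM, 1 when sealing worked but some
 * modification slipped through, 2 when mseal() is unavailable here
 * (pre-6.10 kernel, or a seccomp policy that blocks syscall 462).
 */
int mseal_demo(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t len = 2 * page;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return 2;
    memset(p, 0x41, len);

    if (mseal_raw(p, len, 0) != 0) {
        int e = errno;
        munmap(p, len);
        fprintf(stderr, "mseal() unavailable: %s\n", strerror(e));
        return 2;
    }
    /* From here on the mapping cannot be torn down; it lives until exit. */

    int ok = 1;
    /* 1. mprotect: changing protection bits is metadata, so it is refused. */
    ok &= refused_with_eperm(mprotect(p, page, PROT_READ));
    /* 2. munmap: even unmapping part of the sealed range is refused. */
    ok &= refused_with_eperm(munmap(p, page));
    /* 3. mremap: shrinking (or growing/moving) the VMA is refused. */
    void *q = mremap(p, len, page, 0);
    ok &= (q == MAP_FAILED && errno == EPERM);
    /* 4. mmap(MAP_FIXED): replacing the range with a new mapping is refused. */
    void *r = mmap(p, page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    ok &= (r == MAP_FAILED && errno == EPERM);
    /* Sealing freezes the metadata only: the data stays readable/writable. */
    ((volatile unsigned char *)p)[0] = 0x42;
    ok &= ((unsigned char *)p)[0] == 0x42;

    return ok ? 0 : 1;
}

int main(void)
{
    static const char *verdict[] = {
        "sealed: mprotect/munmap/mremap/mmap(MAP_FIXED) all refused with EPERM",
        "sealed, but a modification was NOT refused",
        "mseal() not available on this kernel/sandbox",
    };
    int rc = mseal_demo();
    printf("%s\n", verdict[rc]);
    return rc == 1;
}
```

The interesting detail for a hardening engineer is the last check: sealing says nothing about the bytes in the pages, only about the VMA. A sealed RW page is still writable; what an attacker with a write primitive loses is the ability to turn a sealed read-only or non-executable page into something else via mprotect, or to swap the mapping out from under the process with munmap/mmap/mremap.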
But it is not going to be accepted straight away and will likely take some revisions before evolving into an acceptable form for upstreaming... Linus Torvalds himself has already expressed some reservations about the proposed model:
So I have no objections to adding some kind of "lock down memory mappings" model, but this isn't it.
First off, the simple stuff: the commit messages are worthless. Having
test seal for mmap(2)
as the commit message is not even remotely acceptable, to pick one random example from the series (7/8).
But that doesn't matter much, since I think the more fundamental problems are much worse:
- the whole "ON_BEHALF_OF_KERNEL" and "ON_BEHALF_OF_USERSPACE" is just complete noise and totally illogical. The whole concept needs to be redone.
…
Christ. That is *literally* the remap_file_pages() system call definition. No way in hell does "ON_BEHALF_OF_KERNEL" make any sense in this context.
…
Anyway, this is all a resounding NAK on this series in this form. My complaints aren't some kind of small "fix this up". These are fundamental issues.
So mseal() will need to go back to the drawing board before it will be considered by Linus Torvalds.