Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Net: Consider hardening against in-kernel attacks #310

Open
solardiz opened this issue Feb 25, 2024 · 0 comments
Open

Net: Consider hardening against in-kernel attacks #310

solardiz opened this issue Feb 25, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@solardiz
Copy link
Contributor

Nov 10, 2022

LKRG protects some of its most critical variables by keeping them on a read-only page most of the time. Net is currently written as a somewhat-separate module that isn't similarly hardened - maybe it should eventually be hardened.

Also, maybe the kernel's data structures that we depend on (the printk ring buffer, the struct file for our reads from /dev/kmsg, etc.) should also be hardened (but how? we could detect corruption, but what we're to do on it besides panic when we know our logging is broken?) - or maybe that's a reason to move to (or introduce as duplicate/redundant) our own data structures eventually.
@solardiz solardiz added the enhancement New feature or request label Feb 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@solardiz