security things in Linux v5.2
https://outflux.net/blog/archives/2019/07/17/security-things-in-linux-v5-2/ [outflux.net]
2019-07-18 19:17
page allocator freelist randomization
And some other things as well.
site: outflux.net
security things in Linux v5.2
https://outflux.net/blog/archives/2019/07/17/security-things-in-linux-v5-2/ [outflux.net]
2019-07-18 19:17
page allocator freelist randomization
And some other things as well.
security things in Linux v5.1
https://outflux.net/blog/archives/2019/05/27/security-things-in-linux-v5-1/ [outflux.net]
2019-05-28 15:50
Linux kernel v5.1 has been released! Here are some security-related things that stood out to me:
security things in Linux v4.12
https://outflux.net/blog/archives/2017/07/10/security-things-in-linux-v4-12/ [outflux.net]
2017-08-11 20:36
Here’s a quick summary of some of the interesting security things in last week’s v4.12 release of the Linux kernel
source: HN
security things in Linux v4.11
https://outflux.net/blog/archives/2017/05/02/security-things-in-linux-v4-11/ [outflux.net]
2017-05-05 22:56
Ref counting and info leaks mitigations, etc.
source: solar
security things in Linux v4.10
https://outflux.net/blog/archives/2017/02/27/security-things-in-linux-v4-10/ [outflux.net]
2017-03-24 19:44
Ongoing series with quick notes.
security things in Linux v4.9
https://outflux.net/blog/archives/2016/12/12/security-things-in-linux-v4-9/ [outflux.net]
2016-12-13 06:07
Not sure I concur with assessment of entropy gathering.
Since the branch and loop ordering is very specific to boot conditions, CPU quirks, memory layout, etc, this provides some additional uncertainty to the kernel’s entropy pool. Since the entropy actually gathered is hard to measure, no entropy is “credited”, but rather used to mix the existing pool further. Probably the best place to enable this plugin is on small devices without other strong sources of entropy.
It’s not a bad idea per se, but small devices without other entropy are also the most likely to have identical CPUs and memory layouts, etc.