Linux kernel v4.15 is out, and here are the security features (not just PTI!) that I'm excited about: https://outflux.net/blog/archives/2018/02/05/security-things-in-linux-v4-15/ …
Replying to @kees_cook @andreyknvl
Software will always have bugs. But it's meant to be: there are few bugs, attackers don't have good choice, we have dozens of mitigations, so hopefully some attacks can be stopped. While kernel has hundreds of read-write-what-where all over the place, none of this will really help. Sorry
2 replies 1 retweet 2 likes
It seems to me that one of the most effective mitigations you can do against exploitation is to limit your .config to reduce the attack surface. It doesn't mean we should stop looking for bugs _or_ stop implementing other general mitigations though.
1 reply 0 retweets 1 like
When you can't control your .config (e.g. distro kernels) the most effective approximation of this is to disable module loading after boot finishes. :)