Explore kernel hardening techniques in this 29-minute Linux Foundation conference talk. Learn about features implemented in the mainline Linux kernel to mitigate the impact of unknown bugs and reduce the attack surface. Discover the benefits and trade-offs of various hardening measures, including Debug, RoData, Stack Smashing Protection, User Memory Segregation, and Kernel Address Sanitizer. Gain insights from ARM kernel developer Mark Rutland on how these features can help protect systems against exploitation, even when vulnerabilities remain unfixed or undiscovered. Understand the limitations of these approaches and their role in enhancing overall kernel security.
Thwarting Unknown Bugs - Hardening Features in the Mainline Linux Kernel
Overview
Syllabus
Introduction
What is hardening
DebugRoData
Stack Smashing Protection
User Memory Segregation
Kernel Address Sanitizer
Taught by
Linux Foundation
Tags
Related Courses
-
Kernel Hardening for 32-bit Arm Processors
-
MPK/PKS Linux Kernel Compartmentalization
-
Does Making the Kernel Harder Make Making the Kernel Harder?
-
The State of Kernel Self Protection Project
-
HotBPF - On-demand and On-the-fly Memory Protection for the Linux Kernel
-
HotBPF++ - A More Powerful Memory Protection for the Linux Kernel
