It's now available!
24.2.2025 19:44

We expect our 6.13 #grsecurity beta to be available within the next two weeks.
19.2.2025 20:45

https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w
3.2.2025 18:46

Our 6.12 #grsecurity beta is now available to beta testers for testing
16.1.2025 21:13

Slides for @wipawel's H2HC presentation this month on the TLB are now available on https://grsecurity.net/papers
If you've never heard of "paging-structure caches" before, check it out!

We need to post a correction to yesterday's eBPF performance numbers:
@minipli wasn't happy with just a 30x speedup and took a look at one final bottleneck that was bothering him.
The speedup over vanilla is now 747x 🤯 (5.27s vs 1h5m40s)
5.11.2024 19:06

If you're curious, we also fixed the failing vanilla testcases, without which the speedup would have appeared even larger than 30x. Every grsecurity option really means every single one, including RAP, PRIVATE_KSTACKS, KERNEXEC, UDEREF, AUTOSLAB, KERNSEAL, etc.
4.11.2024 20:54

Performance isn't the enemy of security: we care about both. Today's patches finish off a set of security/performance improvements to eBPF. Below we show a ~30x speedup vs vanilla in running the eBPF selftests with every single #grsecurity option enabled!
4.11.2024 20:48

In combination with the research published yesterday by ETHZ into IBPB implementation vulnerabilities on some Intel and AMD CPUs (https://comsec.ethz.ch/research/microarch/breaking-the-barrier/), Johannes Wikner has published a detailed walkthrough of the first cross-process Spectre exploit against a real target, an attack he developed in part during his internship with us last year.
Check it out here: https://grsecurity.net/cross_process_spectre_exploitation
19.10.2024 10:06

A new version of paxctld (1.2.6) is now available for download!
25.9.2024 17:34

In light of the OpenSSH RCE advisory published today by Qualys: https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server, where it references our March blog while discussing ASLR weaknesses being key to feasible modern i386 exploitation, here it is again in case you missed it: https://infosec.exchange/@grsecurity/112038132238817006
1.7.2024 17:19

In this blog, we dive deep into how the automation employed by the recently-formed Linux CNA managed to take a detailed, unrestricted vulnerability report for their 5.10 LTS kernel, and produce an error-filled CVE unhelpful for downstream consumers: https://grsecurity.net/cve-2021-4440_linux_cna_case_study
26.6.2024 14:38

A weakness 23 years in the making: binaries and libraries built with an older toolchain act as timebombs against ASLR under "recent" Linux kernel and glibc changes.
Users: Check your exposure!
Developers: Rebuild binaries to achieve full ASLR benefit!
https://grsecurity.net/toolchain_necromancy_past_mistakes_haunting_aslr
4.3.2024 15:30